Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: Frequently Exploited :: hack7429.htm

phpbb 2.0.13 Exploit (bug)
phpbb 2.0.13 Exploit (bug)

# phpBB 2.0.13 failure to reset user level after failed exploit
# discovered By : tOnk3r 
# e-mail : m[at]spywire[dot]net
# date : 22-march-05
# shouts: pureone, crew , and everybody i know!
# Versions affected : ALL versions upto and including 2.0.13
# status : vendor notified (phpbb)

phpBB is a high powered, fully scalable, and highly customisable open-source
bulletin board package. phpBB has a user-friendly interface, simple and 
straightforward administration panel, and helpful FAQ. Based on the powerful 
PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or

database servers, phpBB is the ideal free community solution for all web


This exploit is an extention of the phpbb 2.0.12 boolean exploit that
can be found here . 

This exploit works because the login allows true boolean strings to 
be entered in place of the password hash and session id.
It allows an attacker to login as any user without having to enter
any authentication by editing a cookie and sending it back to the site.

The bug i discovered is a bug in the user privlage reset.
After trying to exploit a patched forum the user remains as admin, 
even though the forum is patched. The forum fails to reset the 
attackers status to guest after a failed exploit.

The attacker is able to view invisible members and the "admin control
pannel" link

but is unable to navigate the forum as admin.

With some more investigation im certain a critical exploit can be found.
but so far i am unable to keep admin status after clicking another link.


if you have any more info on this bug please notify me
either at m[at]spywire[dot]net
or at 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH