RE: To be honest...

[Replies] [Reply] [View by Thread] [Help]
[Back To Security]

Ker JeiAr

www.gulftech.org/images/brute.jpg

I don't think they understand exactly what I mean. For example.

"The issues noted concerning the admin scripts are effectively of no concern. To be able to take advantage of said vulnerabilities you must be an admin. If you're an admin why would you want to bother jumping through hoops to discover another users password? You could simply go in, set it to whatever you like and tada, off you go"

See, why the hell would you as an admin change a users pass just to log in as said user? The reason you would want the has is because people are notorious for using the same passwords in more than one place.

And you are right about my findings being very script kiddie in nature. I mean, all someone wanting to exploit the issue has to do is craft a url and stick it in an [ img ] tag.

I dunno what phpBB's deal with this issue is, but to be honest it is making me think twice about whether or not I will contact them again in the future regarding vulns. They always make it a point to say how much people need to contact them regarding vulns before going public, but when they act like you are just over reacting to what I know are very serious it makes you have doubts.

They say in regards to the session id/command exec vuln the following

"Since then we've had absolutely no reports of problems. We retained session checking in areas like modcp to prevent "spoofing" of moderator functions from 3rd party sites or local links."

Yet the only limits to get an admin (pfft @ a mod) to execute commands unknowingly is to pick a command which gets it's values via the GET method.

I just don't know man, if ready response were still around I would propose a mission to make phpBB see the seriousness of these issues.

if you go to gulftech.org/forums you will see I pulled my phpBB forum offline after my findings. I would not have did this if I did not consider the issue serious. :-\

GulfTech Security Research
SubScan 1.2

Replies:

phpBB 2.0.7a And Earlier Security Issues - Ker JeiAr 2004-03-22 04:23:47
- Some Fixes For These Issues - Ret. Ker JeiAr 2004-03-25 12:11:30
  - sweet man :) - LtKer Semper 2004-03-25 16:48:09
    - RE: sweet man :) - Ret. Ker JeiAr 2004-03-25 19:01:33
- Hmmmm ... - Ker JeiAr 2004-03-23 20:40:47
  - Hah. - Lt Obscurity 2004-03-24 03:17:41
- Want Some Opinions - Ker JeiAr 2004-03-23 05:18:00
  - RE: Want Some Opinions - Lt Obscurity 2004-03-23 07:46:48
    - I'm with you, they are on crack with this one... - Ret. Mar Ikioi 2004-03-23 11:00:34
      - RE: I'm with you, they are on crack with this one... - Ker JeiAr 2004-03-23 17:14:55
      - Development Teams Reply - Lt Obscurity 2004-03-23 14:19:18
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:17:53
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:31:30
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 17:25:16
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 17:33:40
        RE: Development Teams Reply - Lt Obscurity 2004-03-23 18:15:38
        RE: Development Teams Reply - Ker JeiAr 2004-03-23 19:39:35
        RE: Development Teams Reply - Lt Obscurity 2004-03-24 03:14:15
      - Posted to their forum... - Ret. Mar Ikioi 2004-03-23 11:37:22
        RE: Posted to their forum... - Ker JeiAr 2004-03-23 17:49:48
        Argh if someone could delete the post previous - Lt Obscurity 2004-03-23 11:50:55
        Done :) - Ret. Ker JeiAr 2004-03-24 05:31:16
        Hah thanks... - Lt Obscurity 2004-03-24 06:04:35
    - RE: Want Some Opinions - Ker JeiAr 2004-03-23 08:05:01
      - To be honest... - Lt Obscurity 2004-03-23 08:21:38
        >RE: To be honest... - Ker JeiAr 2004-03-23 08:32:53 <
        RE: To be honest... - Lt Obscurity 2004-03-23 08:40:09
        RE: To be honest... - Ker JeiAr 2004-03-23 08:54:05
        RE: To be honest... - Lt Obscurity 2004-03-23 09:07:57
        'respond' :D -nt- - LtKer Bastian 2004-03-23 11:16:40
        RE: To be honest... - Maj zaydana 2004-03-23 09:25:26
        GPL... just fork it. ;) -nt- - Ret. Mar Ikioi 2004-03-23 11:39:41
        Ikioi [more] - Lt Obscurity 2004-03-24 10:21:14

Guest:
Subject:
Message:	On 2004-03-23 08:32:53, JeiAr wrote >I don't think they understand exactly what I mean. For example. > >"The issues noted concerning the admin scripts are effectively of no concern. To be able to take advantage of said vulnerabilities you must be an admin. If you're an admin why would you want to bother jumping through hoops to discover another users password? You could simply go in, set it to whatever you like and tada, off you go" > >See, why the hell would you as an admin change a users pass just to log in as said user? The reason you would want the has is because people are notorious for using the same passwords in more than one place. > >And you are right about my findings being very script kiddie in nature. I mean, all someone wanting to exploit the issue has to do is craft a url and stick it in an [ img ] tag. > >I dunno what phpBB's deal with this issue is, but to be honest it is making me think twice about whether or not I will contact them again in the future regarding vulns. They always make it a point to say how much people need to contact them regarding vulns before going public, but when they act like you are just over reacting to what I know are very serious it makes you have doubts. > >They say in regards to the session id/command exec vuln the following > >"Since then we've had absolutely no reports of problems. We retained session checking in areas like modcp to prevent "spoofing" of moderator functions from 3rd party sites or local links." > >Yet the only limits to get an admin (pfft @ a mod) to execute commands unknowingly is to pick a command which gets it's values via the GET method. > >I just don't know man, if ready response were still around I would propose a mission to make phpBB see the seriousness of these issues. > >if you go to gulftech.org/forums you will see I pulled my phpBB forum offline after my findings. I would not have did this if I did not consider the issue serious. :-\
Signature:
Optional Image Link:
http://

CyberArmy::Forum v0.6
Generated In 0.01049 seconds