Bugtraq mailing list archives
SMF .htaccess bypass
From: h3llcode () hotmail it
Date: 6 Nov 2007 09:36:42 -0000
# ./start # # Discovered by Seph1roth on June 2007 (was priv8) # # Vulnerable: Simple Machine Forum [ALL Versions] # # Visit: http://www.blackroots.it - Best hacking site. # # Description: If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel : example: index.php?action=admin (.htaccess,then access denied) index.php?action=membergroups (accessible) index.php?action=news (accessible) index.php?action=featuresettings (accessible) ...and others... i can bypass and enter the administration by typing the accessible variables in the url... # Greets to all BlackRoots Users # # Shoutz to all kiddies # # ./end
Current thread:
- SMF .htaccess bypass h3llcode (Nov 06)
- Re: SMF .htaccess bypass Matt D. Harris (Nov 06)
- Re: SMF .htaccess bypass anuj tenani (Nov 06)
- Re: SMF .htaccess bypass Matt D. Harris (Nov 06)