List of all admin accounts in phpBB
From: Predrag Damnjanovic (bugtraq_at_mycity.co.yu)
Date: 01/25/05
- Previous message: Mandrake Linux Security Team: "MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities"
- Next in thread: Aaron Klein: "Re: List of all admin accounts in phpBB"
- Reply: Aaron Klein: "Re: List of all admin accounts in phpBB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com Date: Tue, 25 Jan 2005 23:48:20 +0100
After discovering 'highlight' vulnerability in phpBB, many forums
were patched, but... it is possible that attackers created a [secret]
admin accounts...
It is very hard to find secret admin accounts if the forum has too
many users... you must check every account...
So, here is a simple PHP script, that will show a list of all admin
accounts on your phpBB forum.
Just simply copy this file to phpBB directory...
After you find a attacker admin accounts, and remove admin status
from those accounts, you can delete this script, and of course, you
should upgrade your phpBB to the latest version.
A demonstration of this script can be found at
http://www.mycity.co.yu/phpbb/admin_list.php
Best regards,
Predrag Damnjanovic
http://www.mycity.co.yu/
- Application/Octet-stream attachment: admin_list.php
- Previous message: Mandrake Linux Security Team: "MDKSA-2005:022 - Updated cups packages fix multiple vulnerabilities"
- Next in thread: Aaron Klein: "Re: List of all admin accounts in phpBB"
- Reply: Aaron Klein: "Re: List of all admin accounts in phpBB"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
