List of all admin accounts in phpBB
From: Predrag Damnjanovic (bugtraq_at_mycity.co.yu)
To: firstname.lastname@example.org Date: Tue, 25 Jan 2005 23:48:20 +0100
After discovering 'highlight' vulnerability in phpBB, many forums
were patched, but... it is possible that attackers created a [secret]
It is very hard to find secret admin accounts if the forum has too
many users... you must check every account...
So, here is a simple PHP script, that will show a list of all admin
accounts on your phpBB forum.
Just simply copy this file to phpBB directory...
After you find a attacker admin accounts, and remove admin status
from those accounts, you can delete this script, and of course, you
should upgrade your phpBB to the latest version.
A demonstration of this script can be found at
- Application/Octet-stream attachment: admin_list.php