TUCoPS :: HP Unsorted S :: tb13304.htm

SMF .htaccess bypass
SMF .htaccess bypass
SMF .htaccess bypass


# ./start
#
# Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: http://www.blackroots.it - Best hacking site.
#
# Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :

example:

index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

...and others...

i can bypass and enter the administration by typing the accessible variables in the url...

# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH