Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18358
HistoryNov 07, 2007 - 12:00 a.m.

SMF .htaccess bypass

2007-11-0700:00:00
vulners.com
74

./start

Discovered by Seph1roth on June 2007 (was priv8)

Vulnerable: Simple Machine Forum [ALL Versions]

Visit: http://www.blackroots.it - Best hacking site.

Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of
administration panel :

example:

index.php?action=admin (.htaccess,then access denied)
index.php?action=membergroups (accessible)
index.php?action=news (accessible)
index.php?action=featuresettings (accessible)

…and others…

i can bypass and enter the administration by typing the accessible variables in the url…

Greets to all BlackRoots Users

Shoutz to all kiddies

./end