| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jan 2005 18:25:32 -0500 From: Aaron Klein <klein.aaron@...il.com> To: bugtraq@...urityfocus.com Subject: Re: List of all admin accounts in phpBB Or just search your phpbb_users table in your database for users that have a user_level = 1. Those are admins. User_level of 0 coresponds to regular users and User_level of 2 are moderators. On Tue, 25 Jan 2005 23:48:20 +0100, Predrag Damnjanovic <bugtraq@...ity.co.yu> wrote: > After discovering 'highlight' vulnerability in phpBB, many forums > were patched, but... it is possible that attackers created a [secret] > admin accounts... > It is very hard to find secret admin accounts if the forum has too > many users... you must check every account... > > So, here is a simple PHP script, that will show a list of all admin > accounts on your phpBB forum. > Just simply copy this file to phpBB directory... > > After you find a attacker admin accounts, and remove admin status > from those accounts, you can delete this script, and of course, you > should upgrade your phpBB to the latest version. > > A demonstration of this script can be found at > http://www.mycity.co.yu/phpbb/admin_list.php > > Best regards, > Predrag Damnjanovic > http://www.mycity.co.yu/ > > > -- Have pets? Get the help you need from the Pet Advice Network. We have 6 websites ready to help you. http://www.petadvice.net
Powered by blists - more mailing lists