Bugtraqmailing list archives
List of all admin accounts in phpBB
From: "Predrag Damnjanovic" <bugtraq () mycity co yu>
Date: Tue, 25 Jan 2005 23:48:20 +0100
After discovering 'highlight' vulnerability in phpBB, many forums were patched, but... it is possible that attackers created a [secret] admin accounts...It is very hard to find secret admin accounts if the forum has too many users... you must check every account...So, here is a simple PHP script, that will show a list of all admin accounts on your phpBB forum.Just simply copy this file to phpBB directory...After you find a attacker admin accounts, and remove admin status from those accounts, you can delete this script, and of course, you should upgrade your phpBB to the latest version.A demonstration of this script can be found athttp://www.mycity.co.yu/phpbb/admin_list.phpBest regards,Predrag Damnjanovichttp://www.mycity.co.yu/
Attachment:admin_list.php
Description:
Current thread:
- List of all admin accounts in phpBBPredrag Damnjanovic (Jan 26)
- Re: List of all admin accounts in phpBBAaron Klein (Jan 26)
- Re: List of all admin accounts in phpBBPaul Laudanski (Jan 29)
- Re: List of all admin accounts in phpBBAaron Klein (Jan 26)