SMF .htaccess bypass

2007-11-07T00:00:00
ID SECURITYVULNS:DOC:18358
Type securityvulns
Reporter Securityvulns
Modified 2007-11-07T00:00:00

Description

./start

Discovered by Seph1roth on June 2007 (was priv8)

Vulnerable: Simple Machine Forum [ALL Versions]

Visit: http://www.blackroots.it - Best hacking site.

Description:

If smf has index.php?action=admin in .htaccess ,i can bypass that by typing in the url some variable of administration panel :

example:

index.php?action=admin (.htaccess,then access denied) index.php?action=membergroups (accessible) index.php?action=news (accessible) index.php?action=featuresettings (accessible)

...and others...

i can bypass and enter the administration by typing the accessible variables in the url...

Greets to all BlackRoots Users

Shoutz to all kiddies

./end