Re: Admin Exploit - XSS Type (Score: 1)
by Zhen-Xjell on Monday, March 22 @ 16:58:28 CET
http://castlecops.com

Your suggestion doesn't answer the code I have seen that effectively allows admins to be created. And as stated this is a patch until admin.php can be 'enhanced'.

As for accessing admin.php, you are right, unless the referer is passed, then access is cut off. So I highly recommend you use something that passes it.

Re: Admin Exploit - XSS Type (Score: 1)
by Zhen-Xjell on Monday, March 22 @ 17:05:36 CET
http://castlecops.com

Taking a look at the patch again, that means if any of the ops are used outside of 'updateauthor' then it doesn't work. That will effectively break the use of edit authors for authentic admins on the site.