Nuke Cops :: View topic - Minor security flaw in Fortress Beta 1.20?
xfsunolesphp
Lieutenant
Joined: Apr 05, 2003
Posts: 208
Location: Melbourne, FL
Posted: Wed May 26, 2004 7:28 am

If you do ?admin it didn't stop blind code. &admin is another way to see selection from database failed.
Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Wed May 26, 2004 7:44 pm

One cannot access admin.php unless it's the first parameter called after the ?. The &admin is not the actual file called, which is what I'm really after.

_________________
Paul Laudanski, Microsoft MVP Windows-Security
CastleCops: [de] [en] [wiki]
xfsunolesphp
Lieutenant
Joined: Apr 05, 2003
Posts: 208
Location: Melbourne, FL
Posted: Wed May 26, 2004 7:53 pm

Can you try &admin?
marcoledingue
Captain
Joined: Jun 15, 2003
Posts: 322
Location: Paris, FRANCE
Posted: Thu May 27, 2004 12:58 am

I can confirm that the &admin protection is useful!
I've seen a hacker using this.
It's not to access admin.php, but to fake the admin cookie variable.

ZX, I can give you the hack URL by PM if you want.

_________________
Support website for Sommaire Paramétrable : http://marcoledingue.free.fr
Zhen-Xjell
Nuke Cops Founder
Joined: Nov 14, 2002
Posts: 5939
Posted: Thu May 27, 2004 6:23 am

Yes I'd like to see this in action.
