Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: List of all admin accounts in phpBB
From: Aaron Klein <klein.aaron () gmail com>
Date: Wed, 26 Jan 2005 18:25:32 -0500
Or just search your phpbb_users table in your database for users that
have a user_level = 1.  Those are admins.  User_level of 0 coresponds
to regular users and User_level of 2 are moderators.

On Tue, 25 Jan 2005 23:48:20 +0100, Predrag Damnjanovic
<bugtraq () mycity co yu> wrote:

After discovering 'highlight' vulnerability in phpBB, many forums
were patched, but... it is possible that attackers created a [secret]
admin accounts...
It is very hard to find secret admin accounts if the forum has too
many users... you must check every account...

So, here is a simple PHP script, that will show a list of all admin
accounts on your phpBB forum.
Just simply copy this file to phpBB directory...

After you find a attacker admin accounts, and remove admin status
from those accounts, you can delete this script, and of course, you
should upgrade your phpBB to the latest version.

A demonstration of this script can be found at
http://www.mycity.co.yu/phpbb/admin_list.php

Best regards,
Predrag Damnjanovic
http://www.mycity.co.yu/






-- 
Have pets?  Get the help you need from the Pet Advice Network.
We have 6 websites ready to help you.  http://www.petadvice.net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]