• geepee
  • Junior Member
  • Offline
  • Registered: 2005-06-14
  • Posts: 4

Topic: New user gained admin access

I had a user sign up at a forum that I've been running with some people I know...he signed up with a username of "31337", so when I saw that as a new user, I clicked on it, and his profile was showing he was an administrator.  I checked the server logs, and I see lots of stuff in there, and that he found the forum searching google for "Powered by punbb 1.2.1".

Are there any known exploits in 1.2.1 that will allow somone to easily gain admin access?  Obciusly, I'm going to upgrade from 1.2.1 now, but I'd just like to know for future reference.

  • geepee
  • Junior Member
  • Offline
  • Registered: 2005-06-14
  • Posts: 4

Re: New user gained admin access

62.217.133.143 - - [14/Jun/2005:09:47:43 -0400] "GET /forums/ HTTP/1.1" 200 3028 hiredgoonz.net "http://www.google.com/search?q=%22Powered+by+PunBB+1.2.1%22&sourceid=opera&num=0&ie=utf-8&oe=utf-8" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:47:44 -0400] "GET /forums/style/oxygen.css HTTP/1.1" 200 7819 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:47:44 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:47:47 -0400] "GET /forums/style/imports/base.css HTTP/1.1" 200 6899 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:47:47 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:47:50 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 200 4124 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:11 -0400] "GET /forums/register.php HTTP/1.1" 200 7832 hiredgoonz.net "http://hiredgoonz.net/forums/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:14 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:28 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:29 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:41 -0400] "POST /forums/register.php?action=register HTTP/1.1" 200 805 hiredgoonz.net "http://hiredgoonz.net/forums/register.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:42 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/register.php?action=register" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:43 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/register.php?action=register" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:43 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/register.php?action=register" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:45 -0400] "GET /forums/index.php HTTP/1.1" 200 8506 hiredgoonz.net "http://hiredgoonz.net/forums/register.php?action=register" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:46 -0400] "GET /forums/index.php HTTP/1.1" 200 8506 hiredgoonz.net "http://hiredgoonz.net/forums/register.php?action=register" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:47 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:48 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:48 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:53 -0400] "GET /forums/userlist.php HTTP/1.1" 200 13935 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:55 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:56 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:48:56 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:22 -0400] "GET /forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2 HTTP/1.1" 200 13999 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:23 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:24 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:25 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:30 -0400] "GET /forums/index.php HTTP/1.1" 200 8506 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:31 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:32 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:33 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:45 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/viewforum.php?id=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:46 -0400] "GET /forums/viewforum.php?id=2 HTTP/1.1" 200 15480 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:47 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/viewforum.php?id=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:49:47 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/viewforum.php?id=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:01 -0400] "GET /forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit HTTP/1.1" 200 4064 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=&show_group=-1&sort_by=username&sort_dir=ASC&p=2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:02 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:03 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:05 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:12 -0400] "GET /forums/profile.php?id=4 HTTP/1.1" 200 3789 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:13 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/profile.php?id=4" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:13 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/profile.php?id=4" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:14 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/profile.php?id=4" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:14 -0400] "GET /forums/img/avatars/4.jpg HTTP/1.1" 200 1770 hiredgoonz.net "http://hiredgoonz.net/forums/profile.php?id=4" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
24.43.103.231 - - [14/Jun/2005:09:50:19 -0400] "GET /forums/index.php HTTP/1.1" 200 8576 hiredgoonz.net "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
62.217.133.143 - - [14/Jun/2005:09:50:19 -0400] "GET /forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit HTTP/1.1" 200 4046 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
24.43.103.231 - - [14/Jun/2005:09:50:19 -0400] "GET /forums/style/cobalt.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
24.43.103.231 - - [14/Jun/2005:09:50:19 -0400] "GET /forums/style/imports/minmax.js HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
24.43.103.231 - - [14/Jun/2005:09:50:20 -0400] "GET /forums/style/imports/base.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
24.43.103.231 - - [14/Jun/2005:09:50:20 -0400] "GET /forums/style/imports/Cobalt_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
24.43.103.231 - - [14/Jun/2005:09:50:20 -0400] "GET /forums/style/imports/cobalt_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "-"
62.217.133.143 - - [14/Jun/2005:09:50:21 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:21 -0400] "GET /favicon.ico HTTP/1.1" 200 0 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:22 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:33 -0400] "POST /forums/profile.php?section=admin&id=161&action=foo HTTP/1.0" 200 833 www.hiredgoonz.net "http://www.hiredgoonz.net/forums/profile.php?section=admin&id=161" "-" "-"
62.217.133.143 - - [14/Jun/2005:09:50:42 -0400] "GET /forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit HTTP/1.1" 200 4127 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=quimper&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:43 -0400] "GET /forums/style/oxygen.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:44 -0400] "GET /forums/style/imports/base.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:44 -0400] "GET /forums/style/imports/Oxygen_cs.css HTTP/1.1" 301 272 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:44 -0400] "GET /forums/style/imports/oxygen_cs.css HTTP/1.1" 304 - hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
62.217.133.143 - - [14/Jun/2005:09:50:50 -0400] "GET /forums/admin_index.php HTTP/1.1" 200 4464 hiredgoonz.net "http://hiredgoonz.net/forums/userlist.php?username=31337&show_group=-1&sort_by=username&sort_dir=ASC&search=Submit" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.00" "-"
  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: New user gained admin access

yes 1.2.1, 1.2.2, 1.2.3, and 1.2.4 all have exploits which is why new versions were released

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • geepee
  • Junior Member
  • Offline
  • Registered: 2005-06-14
  • Posts: 4

Re: New user gained admin access

Connorhd wrote:

yes 1.2.1, 1.2.2, 1.2.3, and 1.2.4 all have exploits which is why new versions were released

Would you possibly be able to email me to let me know what the exploit is?  I have no problem with not knowing, and am grateful that it has been fixed in new releases.

Makes me feel safer if I actually know how it all happened.

Thanks for the quick reply!

  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: New user gained admin access

i dunno the exploit and i wouldn't tell you i did

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: New user gained admin access

And there are several possible ones wink
There were several SQL injects and one cookie issue between 1.2.1 and the current version

  • geepee
  • Junior Member
  • Offline
  • Registered: 2005-06-14
  • Posts: 4

Re: New user gained admin access

Smartys wrote:

And there are several possible ones wink
There were several SQL injects and one cookie issue between 1.2.1 and the current version

Awesome!  I was in the changelogs for 1.2.2 that there was some SQL injection issues.

Thanks for the replies guys!  I don't care about not knowing the exploit, I was just interested to know what exactally happened.

Thanks guys!

1.2.5, here I come smile