darklight Posted September 28, 2007

http://gamerzworldonline.com/AuthPanel/pages/admin/index.php

Test it for anything you can. Then post your results here.

Link to comment: https://forums.phpfreaks.com/topic/70996-beta-test-auth-panel/

thryb Posted September 28, 2007

Would be better with a user/pass.

darklight (Author) Posted September 28, 2007

User: Demo
Pass: phpfreaks

source Posted September 28, 2007

Dear admin: your security is a joke. You're not even using sessions.

darklight (Author) Posted September 28, 2007

I'm using cookies.

agentsteal Posted September 28, 2007

Admin Access: You can access the admin panel by changing the username cookie to admin.

Drop Down Menu: If you edit the Member Type drop down menu on http://www.gamerzworldonline.com/AuthPanel/pages/admin/index.php?action=addmember you can submit arbitrary values.

Insecure Cookie: You shouldn't put the username in the cookie. You can log in as any user by setting the auth cookie to their username.
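
The findings reported above all come from trusting values the client controls. The following is an added example, not code from the Auth Panel or from any poster in this thread: it puts the cookie-based identity check beside a session-based login and a server-side allow-list for the Member Type field. All function names, the user store, the passwords and the list of member types are assumptions made for illustration.

```php
<?php
// Added illustration; every name here is hypothetical, not the Auth Panel's code.
const MEMBER_TYPES = ['member', 'moderator', 'admin']; // assumed drop-down options

// Constructed user store; a real panel would read this from its database.
function demo_users(): array {
    return [
        'Demo'  => ['hash' => password_hash('constructed-demo-pass', PASSWORD_DEFAULT), 'role' => 'member'],
        'admin' => ['hash' => password_hash('constructed-admin-pass', PASSWORD_DEFAULT), 'role' => 'admin'],
    ];
}

// Pattern reported in the thread: identity read from a cookie the client controls.
function current_user_from_cookie(array $cookies): ?string {
    return $cookies['username'] ?? null;
}

// Hardened: identity and role are stored server-side, only after the password verifies.
function login(array $users, string $name, string $password): bool {
    if (!isset($users[$name]) || !password_verify($password, $users[$name]['hash'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id at login
    $_SESSION['user'] = $name;
    $_SESSION['role'] = $users[$name]['role'];
    return true;
}

function is_admin(): bool {
    return ($_SESSION['role'] ?? null) === 'admin';
}

// The <select> is only a hint; the submitted value is re-checked against the allow-list.
function valid_member_type($submitted): bool {
    return is_string($submitted) && in_array($submitted, MEMBER_TYPES, true);
}

session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Strict']);
$users = demo_users();
$results = [
    'cookie says'         => current_user_from_cookie(['username' => 'admin']), // no password involved
    'Demo login'          => login($users, 'Demo', 'constructed-demo-pass'),
    'Demo is admin'       => is_admin(),            // role comes from the session, not the request
    'type "member" ok'    => valid_member_type('member'),
    'type "superuser" ok' => valid_member_type('superuser'), // edited drop-down value
];
session_write_close();
var_export($results);
```

With sessions, the browser holds only an opaque session id, so editing a cookie value no longer selects which account or role the server sees.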