darklight Posted September 28, 2007

http://gamerzworldonline.com/AuthPanel/pages/admin/index.php

Test it for anything you can. Then post your results here.
thryb Posted September 28, 2007

Would be better with a user/pass.
darklight Posted September 28, 2007

User: Demo
Pass: phpfreaks
source Posted September 28, 2007

Dear admin: your security is a joke. You're not even using sessions.
darklight Posted September 28, 2007

I'm using cookies.
agentsteal Posted September 28, 2007

Admin Access: You can access the admin panel by changing the username cookie to admin.

Drop Down Menu: If you edit the Member Type drop down menu on http://www.gamerzworldonline.com/AuthPanel/pages/admin/index.php?action=addmember you can submit arbitrary values.

Insecure Cookie: You shouldn't put the username in the cookie. You can log in as any user by setting the auth cookie to their username.
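
An added example, not part of the thread and not the site's code: the username-in-cookie check described above beside a session-based one, plus a server-side allowlist for the Member Type field. The cookie names, role table, member types and in-memory session store are assumptions for illustration; a real PHP app would use `session_start()` and `$_SESSION` for the store.

```php
<?php
// Assumed allowlist of member types; the thread does not list the real ones.
const MEMBER_TYPES = ['member', 'moderator', 'admin'];

// Pattern reported in the thread: identity is read straight from a cookie.
// The cookie name 'username' is an assumption. The value is client-controlled.
function current_user_insecure(array $cookies): ?string {
    return $cookies['username'] ?? null;
}

// Hardened: the cookie carries only a random session id; the username is
// stored server-side and looked up by that id.
function login(array &$sessionStore, string $user): string {
    $sid = bin2hex(random_bytes(32));        // unguessable 256-bit identifier
    $sessionStore[$sid] = ['user' => $user];
    return $sid;                             // value to send as the 'sid' cookie
}

function current_user(array $sessionStore, array $cookies): ?string {
    $sid = $cookies['sid'] ?? '';
    if (!is_string($sid) || !isset($sessionStore[$sid])) {
        return null;                         // unknown id: treat as logged out
    }
    return $sessionStore[$sid]['user'];
}

// Authorization is decided from server-side role data, never from the cookie.
function is_admin(array $roles, ?string $user): bool {
    return $user !== null && ($roles[$user] ?? '') === 'admin';
}

// A drop-down only limits what the browser offers; re-check the value on submit.
function valid_member_type($value): bool {
    return is_string($value) && in_array($value, MEMBER_TYPES, true);
}

// Constructed demonstration data.
$roles  = ['admin' => 'admin', 'Demo' => 'member'];
$store  = [];
$sid    = login($store, 'Demo');
$forged = ['username' => 'admin', 'sid' => 'admin'];  // tampered cookies

var_dump(is_admin($roles, current_user_insecure($forged))); // cookie trusted
var_dump(is_admin($roles, current_user($store, $forged)));  // session lookup
var_dump(current_user($store, ['sid' => $sid]));            // genuine session
var_dump(valid_member_type('superuser'));                   // edited drop-down
```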