tag:blogger.com,1999:blog-9099779.post5649436251985383621..comments2024-03-23T23:09:17.426+01:00Comments on StalkR's Blog: smpCTF challenge #11 write-up, phplist 0dayStalkRhttp://www.blogger.com/profile/15113480981262771031noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-9099779.post-71054709467220598122010-10-26T10:58:17.419+02:002010-10-26T10:58:17.419+02:00You don't need the admin password, you just ne...You don't need the admin password, you just need to be authenticated as an admin (stealing the cookie is enough).<br /><br />Requiring an admin access certainly reduces the attack surface but it is still a serious issue for phplist (file or db disclosure, privilege escalation).StalkRhttps://www.blogger.com/profile/15113480981262771031noreply@blogger.comtag:blogger.com,1999:blog-9099779.post-41380818600934397902010-10-25T23:18:09.945+02:002010-10-25T23:18:09.945+02:00How is this useful if you need the admin password?...How is this useful if you need the admin password???Anonymousnoreply@blogger.com