Or just search your phpbb_users table in your database for users that have a user_level = 1. Those are admins. User_level of 0 coresponds to regular users and User_level of 2 are moderators. On Tue, 25 Jan 2005 23:48:20 +0100, Predrag Damnjanovic <bugtraq@xxxxxxxxxxxx> wrote: > After discovering 'highlight' vulnerability in phpBB, many forums > were patched, but... it is possible that attackers created a [secret] > admin accounts... > It is very hard to find secret admin accounts if the forum has too > many users... you must check every account... > > So, here is a simple PHP script, that will show a list of all admin > accounts on your phpBB forum. > Just simply copy this file to phpBB directory... > > After you find a attacker admin accounts, and remove admin status > from those accounts, you can delete this script, and of course, you > should upgrade your phpBB to the latest version. > > A demonstration of this script can be found at > http://www.mycity.co.yu/phpbb/admin_list.php > > Best regards, > Predrag Damnjanovic > http://www.mycity.co.yu/ > > > -- Have pets? Get the help you need from the Pet Advice Network. We have 6 websites ready to help you. http://www.petadvice.net
