Topics

User Functions

Events

There are no upcoming events

What's New

Stories last 2 weeks

No new stories

Comments last 2 weeks

No new comments

Trackbacks last 2 weeks

No new trackback comments

Links last 2 weeks

No recent new links

NEW FILES last 14 days

No new files

Welcome to Geeklog Wednesday, April 16 2014 @ 06:17 AM EDT

Checking *Admin account passwords

  • View Printable Version
Security
  • Saturday, May 04 2002 @ 04:33 PM EDT
  • Contributed by:
  • Views:
    4,071

For those who may not realize it, there are several Admin accounts that have default passwords (StoryAdmin, etc), and only the main "Admin" account is checked in the getBent() PHP block. By default, all *Admin accounts have the "password" password, and an intelligent person could figure that out, and exploit your system.

If you would like to see if you are vulnerable to this sort of attack, run this query in mySQL, or add it to getBent() like I did:

select count(*) as count from gl_users where username like '%Admin' and passwd=md5('password')

That will tell you if any of your *Admin accounts are vulnerable. Notice the slight differences from the query in getBent():

select count(*) as count from users where username='Admin' and passwd='" . md5('password') . "'

Submission Notification

  • View Printable Version
Geeklog
  • Saturday, May 04 2002 @ 11:59 AM EDT
  • Contributed by:
    Anonymous
  • Views:
    2,904
Couldn\'t find a feature request section, so I\'ll just try here.
How about making it so that whenever there is a submission, an email is sent to the admin? Don\'t know if this has been requested yet, but I think it would be very useful.
Keep up the good work.
Also, anyone have any suggestions on books or ways to learn php?

Thanks.
Brian.

New Theme

  • View Printable Version
  • Wednesday, May 01 2002 @ 07:52 AM EDT
  • Contributed by:
  • Views:
    3,376
We're releasing the current Geeksta theme, titled DotCom for download. You can grab it from Geeksta.com.

Who's Online

Guest Users: 14

Need Help?

If you need help in setting up or using Geeklog, please see the documentation, the FAQ, the Wiki, try our search page or browse through the Support Forum. Chances are someone else already had the same problem.

More resources are listed on the support page.

If you still can't find an answer, feel free to post in the forum.

Need help now? Try our web-based IRC chat.

International Support:
[geeklog.info] [GeeklogPolska] [Geeklog Japanese] [Geeklog France] [Geeklog Spain]