DavidHernandez
/ d7-autologin.php
Created
October 16, 2014 17:19
This is another PoC for the SA-CORE-2014-005 vulnerability. Instead of updating the users table, activates an anonymous session to change your session into admin.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * D7 autologin. | |
| * Exploits SA-CORE-2014-005 to change your anonymous session into an uid 1 session. | |
| * In order to work, first you need to have an anonymous session in the sessions table. | |
| * One way to achieve this is to go to the update.php page. | |
| * | |
| * Usage: php d7-autologin.php http://example.com 127.0.0.1 | |
| * |
DavidHernandez
/ urls.md
Last active
March 22, 2022 17:36
— forked from pr3ssh/urls.md
URLs para el ejercicio de Extraccion de datos
OlderNewer