2016-05-16, 03:40 PM
Putting on my black hat for a second, assuming I got FTP or server access to a forum, I would edit config.php and add my uid as the new superadmin. Then I'd remove any other superadmins and log in to the forum ACP. All admins deleted, and I am in full control. Time to sit back and stroke my white cat.
Putting on my white hat, I'd want to be prepared for this, so I would have one or two 'sleeper' accounts in the database. Regular users, a few posts, nothing to attract attention.
So I come to log in as admin to find I've been hacked and locked out. I log in as one of my 'sleepers' and add a post. A bit like the /slap and /me functions, I have added something to /inc/class_parser.php so when I post "/super" on a line of its own, it writes my uid to the list of superadmins in config.php.
Anything wrong with this as a backdoor? I'm a PHP noob, so any clues or pointers gratefully received.
I know I could do the same thing via FTP, but wearing my black hat, I'd delete all FTP accounts bar my own...
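Both scenarios in the post come down to changes in two files, so here is an audit of those files as an added example that is not part of the original post. It assumes the superadmin list is a comma-separated string assigned to `$config['super_admins']` in config.php; the function names, baseline values and sample file contents are constructed for illustration.

```python
import hashlib
import re

# Constructed sample config.php; the super_admins key name and format are assumptions.
SAMPLE_CONFIG = """<?php
$config['database']['type'] = 'mysqli';
$config['super_admins'] = '1,42';
"""
# Constructed stand-in for the contents of inc/class_parser.php.
SAMPLE_PARSER = b"<?php /* stock parser */ class postParser {}\n"

SUPER_RE = re.compile(
    r"""\$config\[['"]super_admins['"]\]\s*=\s*['"]([^'"]*)['"]\s*;"""
)

def super_admin_uids(config_text):
    """Return the uids in the last super_admins assignment (PHP keeps the last one)."""
    matches = SUPER_RE.findall(config_text)
    if not matches:
        return set()
    return {int(u) for u in matches[-1].split(",") if u.strip().isdigit()}

def audit(config_text, parser_bytes, expected_uids, expected_parser_sha256):
    """Compare both files against a baseline recorded while the forum was known good."""
    findings = []
    current = super_admin_uids(config_text)
    added = current - expected_uids
    removed = expected_uids - current
    if added:
        findings.append("super admin uids added: %s" % sorted(added))
    if removed:
        findings.append("super admin uids removed: %s" % sorted(removed))
    if hashlib.sha256(parser_bytes).hexdigest() != expected_parser_sha256:
        findings.append("class_parser.php differs from the recorded baseline")
    return findings

if __name__ == "__main__":
    baseline_hash = hashlib.sha256(SAMPLE_PARSER).hexdigest()
    # The baseline lists only uid 1, so uid 42 in the sample is reported.
    for line in audit(SAMPLE_CONFIG, SAMPLE_PARSER, {1}, baseline_hash):
        print(line)
```

The baseline hash and uid list need to be stored somewhere the web server account cannot write to, otherwise whoever edits the two files can update the baseline as well.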