Topic: "Test some exploit" (page 2 of 3)

Author Post
HynFaerie
Yeah, Sniperkid's method works, I just tried it, thanks for posting it sniper :D The only problem is that with this, people can get confused and post their passwords on another website... giving other people access to their account. ...

Also, there is a possibility to do it with other things than PHP ... watch out!!
Edited by HynFaerie on 22.04.2006 00:58:01
sniperkid
Well, to be extra secure you could just restrict most of the file types like .js, .asp, .php, .pl etc.
HynFaerie
Or you could only allow the basic img files, gif, jpeg, bmp :-Y


But I'm not an admin, you choose :thumbsup:
lol the fight will never end with these bugs :fight2:
quangntenemy
Restricting by extension isn't a good way, since you can always use .htaccess to make an image become a script :P
But I think you can fix it by passing a variable to the logout page, something like http://www.bright-shadows.net/logout.php?username=quangntenemy
theblacksheep
You are right, quangntenemy.
I guess I have to introduce a variable.
Everything else doesn't work.

Hmmm, even with a variable it seems to be possible to at least log out a special user.
The only way around that is a "secret" hash as a variable no-one except the user knows.
That way the image creator doesn't know which variable to use.

This one is getting bigger and bigger :drink2:
That whole situation gave me an idea for a new hacking technique.

1. User xyz knows that there is a script he wants to execute but he can't access it (because he doesn't have the rights).
2. User xyz knows that the admin has the right to access this script.
3. User xyz creates a php image, sending the admin to the script with variables chosen by the User xyz.
4. The script gets executed

The only thing necessary for this attack is that the admin views the php image.
I call it nasty :devil3:

tbs
Edited by theblacksheep on 22.04.2006 10:45:04
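
The "secret" hash variable described in the post above, sketched as an added example; it is not part of the original thread and not the site's own code. The function names and the `token` field are hypothetical, and the session is passed as a plain array so the block runs from the command line.

```php
<?php
// Added example; names are hypothetical, not bright-shadows.net code.

// Create the per-session secret once, at login. It only ever appears in
// pages served to the logged-in user, so whoever posts an image in the
// forum has no way to know which value to put in the URL.
function issue_logout_token(array &$session): string
{
    if (empty($session['logout_token'])) {
        $session['logout_token'] = bin2hex(random_bytes(32));
    }
    return $session['logout_token'];
}

// Decide whether a request to logout.php may end the session.
function may_logout(array $session, string $method, array $post): bool
{
    // An embedded image always triggers a GET, so GET never logs out.
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['logout_token'] ?? '';
    $supplied = $post['token'] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false;
    }
    // Constant-time comparison of the secret.
    return hash_equals($expected, $supplied);
}

// Constructed requests for illustration.
$session = ['username' => 'quangntenemy'];
$token   = issue_logout_token($session);

$cases = [
    'image request (GET, username only)' => ['GET',  []],
    'forged POST with guessed token'     => ['POST', ['token' => 'guess']],
    'user\'s own logout form'            => ['POST', ['token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $verdict = may_logout($session, $method, $post) ? 'logout' : 'rejected';
    echo str_pad($label, 36), ' => ', $verdict, PHP_EOL;
}
```

The same check applies to any state-changing script an admin can reach, since a username or other guessable value in the URL gives no protection.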
theblacksheep
Example:

The admin uses "phpshell".
It is linked so that every user knows the file exists:
~> http://....org/admin/phpshell.php
This script is dangerous and so he protects it using .htaccess.
No user can access it.
After working a while with the script the admin needs some time off and studies the forum.
There someone has placed a php image sending the admin to the phpshell script.
The following "get" variables can be chosen by the User: work_dir, command.
Now the User can overwrite the .htaccess giving him unrestricted access to the phpshell.

tbs
Edited by theblacksheep on 22.04.2006 11:28:36
logos
Interesting.. Can this be used in some forums to send the admin to his profile ("my account") page and change his password?
sniperkid
I'm pretty sure it is possible to do anything if you have the required info ;)
HynFaerie
Logos, stop giving evil people evil ideas! :P lol
sniperkid
I'm sure a few people already knew this, I mean if there is something you want to know but you need to be authorised or you do not have the correct access then this is prob the best way to attack :devil4:
