[2.0] "Login after login" bug.

NobodySec · February 23, 2016, 03:59:34 PM

Hello there! I'm Nobody, today i'm reporting a simple n' minor bug, but a bug is a bug. All bugs are important for me.

This bug consist in login after login, how? This is simple.

Only you need to do is login to your account in a SMF Forum, and after that navigate to "something-url. net/blabla/index.php?action=login".
In the case of Simple Machines Forums: "http://www.simplemachines.org/community/index.php?action=login".
Congratulations! You're now logging after login.

PoC (attached image).

This is all.

(P.S.: Sorry for my (maybe) bad english, i'm from Argentina).

Greetings
Nobody.

Shambles · February 23, 2016, 04:04:13 PM

You do have a point..

Antes · February 23, 2016, 04:06:56 PM

That page needs to redirect back to index.php ($scripturl) if user is logged. Funny enough register action does what i said.

NobodySec · February 23, 2016, 04:10:04 PM

Quote from: Antes on February 23, 2016, 04:06:56 PM
That page needs to redirect back to index.php ($scripturl) if user is logged. Funny enough register action does what i said.

I think same. Is the best solution.

Greetings.

News:

[2.0] "Login after login" bug.

NobodySec

Shambles

Antes

NobodySec