
Simple way to bypass the login?

Posted: Thu May 28, 2009 8:55 pm
by manybuddhas
Entering the address of the Subsonic service on my Web server, which let's say is at http://66.185.19.125:8083/, takes me directly to the index rather than the log-in page, and provides access to all the functions in Subsonic.

If you remove the arguments after the http address: /login.view;jsessionid=qkzqn8cqqcc? you can just enter the index without having to log in.

I changed the admin password as described, but still this simple bypass is available. What am I missing?

Posted: Thu May 28, 2009 10:21 pm
by kdid
Have you tried that from a web browser that has never been used on your site?

It could be you have saved the login info in a cookie in your browser and it is using that in that case.

Posted: Fri May 29, 2009 5:40 pm
by aphuey
Yeah - I bet if you clear your temp files, you will be forced to log in again...

Posted: Fri May 29, 2009 6:34 pm
by mixmaster
There is a checkbox on the login page that allows you to choose between remembering your login or not.

Posted: Sat May 30, 2009 12:29 am
by manybuddhas
Thanks all. It was just a cookie, apparently, since the problem did not show up on a computer that hadn't accessed the site before. :oops:

Posted: Sat Jun 06, 2009 3:14 pm
by bluetooth