moonpixel Recently I came across 2 cases where website’s admin area was accessed by an “intruder”. In both cases the login credentials were known only to the administrator and this was in both cases a different person.
The first site was a simple online questionnaire with a custom CMS for managing the questions created by some company. Here the “intruder” managed to get in the admin area and delete most of the questions.
The second site was only a testing “playground”, it was based on the Zend Framework’s MVC, but not completed yet. Here the “intruder” managed to send an email from the admin area’s mailer.
