Vulnerability in EPiServer.Forms
During testing of an EPiServer site, we accidentally set a shortcut link our (custom) Login page, pointing to another EPiServer CMS page. Now you see, in order to remove that shortcut setting, I need to be able to login, which I can't because I'm being redirected...
So, does anyone know which tables etc I should look for in the database to manully remove it? Or can I login with util/login.aspe somehow? (don't know how the url would be though).
yourhost/util/login.aspx is the correct url. :)
Just temporarily change the loginUrl in authentication / forms in web.config to /util/login.aspx so you can login using the standard login page. Or just browse to it directly like Erik mentioned, very possible that will work too.
Just browsing to yourhost/util/login.aspx still redirected me to the wrong page, but changing the loginUrl in web.config did the trick!