Vulnerability Development mailing list archives

En: ubb hole


From: Tiago Gava <tgava () TELESPCELULAR COM BR>
Date: Mon, 20 Nov 2000 03:03:39 -0200


----- Original Message ----- 
From: tdf 
To: tgava () telespcelular com br 
Sent: Monday, November 20, 2000 2:46 PM
Subject: ubb hole


-----------------------------------------------------------------------------------
Ultimate Bulletin Board - Private forums security hole, by tdf (tdf () linuxbr com br)
-----------------------------------------------------------------------------------

Well, I can see any open topic inside a private forum (password protected) WITHOUT having the password.
How? It's simple! Using the quote feature of the Ultimate Bulletin Board!

Look at this example:


http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0


Hmm, it's an Infopop help forum, using the last version of UBB (5.73).
This section of the forum is reserved for moderators only, and protected with a password.

Put this URL in your web browser and see it with your own eyes!
I can see all open threads in this section of the forum just by changing the number of the xxxxx.cgi, and all its replies by changing replyto=XX.

You noted that I can quote a msg without giving the password... The problem is there :)

c-ya!
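
The class of flaw reported above, as an added example that is not part of the original post and not UBB code: a Python model in which the password check gates only one action, next to the corrected dispatch that gates every action returning post text. The forum names, passwords, posts and the functions `authorize`, `read_post` and `handle` are hypothetical and constructed; only the query parameter names come from the URL in the post.

```python
import hmac
from urllib.parse import parse_qs

# Constructed data: forum name -> password (None means open to everyone).
FORUMS = {"general": None, "mods": "constructed-password"}
# Constructed topics: (forum, topic file) -> posts; replyto indexes the list.
TOPICS = {("general", "000001.cgi"): ["welcome"],
          ("mods", "000004.cgi"): ["moderator-only text", "moderator-only reply"]}

class Forbidden(Exception):
    """Raised when the caller may not read the requested forum."""

def authorize(forum, password):
    # One gate for every action that returns post text.
    if forum not in FORUMS:
        raise Forbidden(forum)
    required = FORUMS[forum]
    if required is not None and not hmac.compare_digest(
            (password or "").encode(), required.encode()):
        raise Forbidden(forum)

def read_post(forum, topic, replyto):
    posts = TOPICS.get((forum, topic), [])
    if not 0 <= replyto < len(posts):
        raise LookupError("no such post")
    return posts[replyto]

def handle(query, password=None, check_all_actions=True):
    """Dispatch a request. check_all_actions=False models the reported flaw:
    only action=view is gated, so action=reply quotes protected text freely."""
    p = {k: v[0] for k, v in parse_qs(query).items()}
    action, forum = p.get("action"), p.get("forum", "")
    if action not in ("view", "reply"):
        raise ValueError("unsupported action")
    # Fixed behaviour: authorize before any lookup, whatever the action is.
    if check_all_actions or action == "view":
        authorize(forum, password)
    text = read_post(forum, p.get("topic", ""), int(p.get("replyto", "0")))
    return text if action == "view" else "[QUOTE]" + text + "[/QUOTE]"
```

Authorizing before the topic lookup also keeps the corrected path from revealing which topic files exist in a protected forum.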




 
 
