Bugtraq mailing list archives
Allaire Forums Vulnerability
From: John Cantu <Jeian () myrealbox com>
Date: Tue, 08 Jan 2002 18:06:00 -0500
Released: January 8, 2002 By: Kernel jeian, Executive Officer, CyberArmy Exploit Research Team - http://www.exploitresearch.net Advisory #1 --- There is a vulnerability in Allaire Forums, a popular web-board service. Through this vulnerability, it is possible to impersonate other users. --- Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and editing the HIDDEN fields before posting, it is possible to impersonate another user. --- We were unable to contact the maintainer of Allaire forums as of this writing. --- Ker. jeian XO, CyberArmy Exploit Research.
Current thread:
- Allaire Forums Vulnerability John Cantu (Jan 09)