Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Allaire Forums Vulnerability

From: John Cantu <Jeian () myrealbox com>
Date: Tue, 08 Jan 2002 18:06:00 -0500
Released: January 8, 2002
By: Kernel jeian, Executive Officer, CyberArmy Exploit Research Team - http://www.exploitresearch.net
Advisory #1
---
There is a vulnerability in Allaire Forums, a popular web-board service. Through this vulnerability, it is possible to 
impersonate other users.
---
Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and 
editing the HIDDEN fields before posting, it is possible to impersonate another user.
---
We were unable to contact the maintainer of Allaire forums as of this writing.
---
Ker. jeian
XO, CyberArmy Exploit Research.
Previous By Date Next
Previous By Thread Next

Current thread: