Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ubb hole

From: Tiago Gava <tgava () TELESPCELULAR COM BR>
Date: Tue, 21 Nov 2000 07:52:17 -0200
The bug was confirmed by the authors and fixed today.
  ----- Original Message ----- 
  From: Knud Erik Højgaard - CyberCity Support 
  To: Tiago Gava ; VULN-DEV () SECURITYFOCUS COM 
  Sent: Tuesday, November 21, 2000 10:05 AM
  Subject: RE: ubb hole


  funny enough, on the page they state that they're running Ultimate Bulletin Board Version 5.47a 

  quick fix perhaps? (the authentication fails..)

  sincerely

  Knud Erik Højgaard <knud () cybercity dk>
  Cybercity Erhvervssupport <support () erhverv cybercity dk>
  http://www.cybercity.dk/support
  Tlf 33 98 30 60 

    -----Original Message-----
    From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Tiago Gava
    Sent: 20. november 2000 06:04
    To: VULN-DEV () SECURITYFOCUS COM
    Subject: En: ubb hole



    ----- Original Message ----- 
    From: tdf 
    To: tgava () telespcelular com br 
    Sent: Monday, November 20, 2000 2:46 PM
    Subject: ubb hole


    -----------------------------------------------------------------------------------
    Ultimate Bulletin Board - Private forums security hole, by tdf (tdf () linuxbr com br)
    -----------------------------------------------------------------------------------

    Well, i can see any open topic inside a private forum (password protected) WITHOUT have the password.
    How? It's simple! Using the quote feature of the Ultimate Bulletin Board!

    Look this example:


    
http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0


    Hmm, it's a Infopop's help forum, using the last version of UBB (5.73)
    This session of the forum is reserved for moderators only, and protected with a password.

    Put this url in your web browser and see it with your own eyes! 
    I can see all open threads in this session of the forum just changing the number of the xxxxx.cgi, and all its 
replies changing replyto=XX 

    You noted that I can quote a msg without give the password... The problem is there :)

    c-ya!
Previous By Date Next
Previous By Thread Next

Current thread: