Vulnerability Development mailing list archives
Re: ubb hole
From: Tiago Gava <tgava () TELESPCELULAR COM BR>
Date: Tue, 21 Nov 2000 07:52:17 -0200
The bug was confirmed by the authors and fixed today.

----- Original Message -----
From: Knud Erik Højgaard - CyberCity Support
To: Tiago Gava ; VULN-DEV () SECURITYFOCUS COM
Sent: Tuesday, November 21, 2000 10:05 AM
Subject: RE: ubb hole

Funny enough, on the page they state that they're running Ultimate Bulletin Board Version 5.47a

Quick fix perhaps? (The authentication fails..)

sincerely
Knud Erik Højgaard <knud () cybercity dk>
Cybercity Erhvervssupport <support () erhverv cybercity dk>
http://www.cybercity.dk/support
Tlf 33 98 30 60

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Tiago Gava
Sent: 20. november 2000 06:04
To: VULN-DEV () SECURITYFOCUS COM
Subject: En: ubb hole

----- Original Message -----
From: tdf
To: tgava () telespcelular com br
Sent: Monday, November 20, 2000 2:46 PM
Subject: ubb hole

-----------------------------------------------------------------------------------
Ultimate Bulletin Board - Private forums security hole, by tdf (tdf () linuxbr com br)
-----------------------------------------------------------------------------------

Well, I can see any open topic inside a private forum (password protected) WITHOUT having the password.

How? It's simple! Using the quote feature of the Ultimate Bulletin Board!

Look at this example:

http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0

Hmm, it's an Infopop help forum, using the last version of UBB (5.73).

This session of the forum is reserved for moderators only, and protected with a password. Put this URL in your web browser and see it with your own eyes!

I can see all open threads in this session of the forum just by changing the number of the xxxxx.cgi, and all its replies by changing replyto=XX

You noted that I can quote a msg without giving the password... The problem is there :)

c-ya!
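The flaw class described in this thread, a quote/reply path that returns post content without the check the normal read path performs, shown beside a hardened form. This is an added Python example, not UBB's code and not part of the original messages; the thread does not say how the authors fixed it, and the forum data, function names and password are constructed for illustration.

```python
import hmac

# Constructed sample data: one open forum and one password-protected forum.
FORUMS = {"public": {"password": None},
          "mods": {"password": "s3cret-constructed"}}
TOPICS = {("mods", "000004"): ["first post in private thread", "a reply"],
          ("public", "000001"): ["hello world"]}


class Forbidden(Exception):
    """Raised when a request may not see the requested content."""


def authorize(forum, supplied_password):
    """Single gate for every code path that returns post content."""
    if forum not in FORUMS:
        raise Forbidden("unknown forum")
    required = FORUMS[forum]["password"]
    if required is None:
        return  # open forum, nothing to check
    if supplied_password is None or not hmac.compare_digest(
            required.encode(), supplied_password.encode()):
        raise Forbidden("forum password required")


def view_topic(forum, topic, password=None):
    """Normal read path: checks the forum password before returning posts."""
    authorize(forum, password)
    return TOPICS[(forum, topic)]


def reply_form_vulnerable(forum, topic, replyto, password=None):
    # The flaw: the quote path loads the post body directly and never
    # runs the check that view_topic() runs.
    return "[quote]%s[/quote]" % TOPICS[(forum, topic)][replyto]


def reply_form_fixed(forum, topic, replyto, password=None):
    """Quote path that goes through the same gate as the read path."""
    authorize(forum, password)
    posts = TOPICS.get((forum, topic))
    # Validate the indices too, so probing gives the same refusal everywhere.
    if posts is None or not 0 <= replyto < len(posts):
        raise Forbidden("no such post")
    return "[quote]%s[/quote]" % posts[replyto]
```

The point for review is that every action that can emit post content (view, reply, quote, search, print view) needs to pass through the one authorization function, not only the action that renders the thread.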