#43238
04/05/2001 8:51 PM
Joined: Mar 2001
Posts: 7
Junior Member
Greetings All: Since I'm in the security biz, I keep track of a bunch of mailing lists related to vulnerabilities, etc. The following just came through:

From:
To:
Sent: Wednesday, April 04, 2001 9:07 PM
Subject: Ultimate Bulletin Board Version 5.47e
> About:
> "Ultimate Bulletin Board Version 5.47e"
> by "www.infopop.com"
> on Cross-Platform (tested on UNIX)
>
> Subject:
> Another possibility to read in private forums
>
> Status:
> Vendors took acknowledgement;
> No reply of any solution yet;
>
> Details:
> As still known, there've been some security problems
> in UBB up to version 5.74a that make it possible
> to read in private forums (password protected), just
> giving the 'postings.cgi' the querystring
> 'action=reply&forum=doesnotmatter&number=1&topic=000001.cgi&TopicSubject=doesnotmatter&replyto=0',
> altering 'number' to the number of a private forum
> and 'topic' and 'replyto' just to the number you want to
> read.
> So for example this URL could let you read the first
> message of the first thread in a private forum,
> whose number is 1:
> http://boardhost.org/boarddir/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi&TopicSubject=&replyto=0
> I guess this bug should be fixed at least with version
> 5.47e.
> But there was forgotten one little detail: If there are
> several private forums, e.g. one for the moderators and
> one only for administrators,
> people with moderator rights could still exploit this
> bug to read in the administrators' forum, though they don't
> have permission to read there, just by logging in and
> getting cookied by that.
>
> Solution:
> As I guess this should be fixed by editing the line
> ' if (($Status eq "Administrator") || ($Status eq "Moderator")) {' in the subroutine
> 'sub verifyID' in the 'postings.cgi' and changing it into
> ' if ($Status eq "Administrator") {'. At least with the
> board I was testing it, this worked.
> But maybe you should wait for any official solutions of
> the vendors.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline.com
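As an added illustration (not UBB's code and not the advisory author's), here is a model of the role-only gate the advisory quotes from `sub verifyID`, beside a per-forum check that closes the moderator-reads-administrators'-forum hole; the Forum/User classes, the allow lists and the forum numbers are constructed, and the forum is selected from the `number` querystring field as the advisory describes.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs

# Constructed data model; UBB 5.x keeps forum settings in flat files, not like this.
@dataclass(frozen=True)
class Forum:
    number: int
    private: bool = False
    allowed_roles: frozenset = frozenset()  # roles that may read a private forum

@dataclass(frozen=True)
class User:
    name: str
    status: str  # "Administrator", "Moderator" or "Member", as $Status in the advisory

FORUMS = {
    1: Forum(1),                                                   # public forum
    2: Forum(2, True, frozenset({"Administrator", "Moderator"})),  # moderators' forum
    3: Forum(3, True, frozenset({"Administrator"})),               # administrators-only forum
}

def forum_from_query(query):
    """Select the forum the way the advisory says postings.cgi does: by 'number'.
    'forum=doesnotmatter' is ignored; a missing or non-numeric number yields None."""
    values = parse_qs(query).get("number", [])
    try:
        return int(values[0])
    except (IndexError, ValueError):
        return None

def verify_id_vulnerable(user, forum_number):
    """The role-only gate quoted from sub verifyID: any moderator passes for any
    private forum, including forums they have no rights to."""
    forum = FORUMS.get(forum_number)
    if forum is None:
        return False
    if not forum.private:
        return True
    return user.status in ("Administrator", "Moderator")

def verify_id_fixed(user, forum_number):
    """Per-forum authorization: the requested forum's own allow list decides,
    and an unknown forum number from the querystring is denied rather than guessed."""
    forum = FORUMS.get(forum_number)
    if forum is None or (forum.private and user.status not in forum.allowed_roles):
        return False
    return True

def may_reply(user, query, check=verify_id_fixed):
    """Gate a postings.cgi-style reply request end to end with the chosen check."""
    return check(user, forum_from_query(query))
```

With the vulnerable check a moderator is allowed into forum 3 (the administrators-only forum); with the per-forum check the same request is denied while the moderators' forum still opens.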