List: vuln-dev
Subject: Re: ubb hole
From: Tiago Gava <tgava () TELESPCELULAR ! COM ! BR>
Date: 2000-11-21 9:52:17
The bug was confirmed by the authors and fixed today.
----- Original Message -----
From: Knud Erik Højgaard - CyberCity Support
To: Tiago Gava ; VULN-DEV@SECURITYFOCUS.COM
Sent: Tuesday, November 21, 2000 10:05 AM
Subject: RE: ubb hole
funny enough, on the page they state that they're running Ultimate Bulletin Board Version 5.47a
quick fix perhaps? (the authentication fails..)
sincerely
Knud Erik Højgaard <knud@cybercity.dk>
Cybercity Erhvervssupport <support@erhverv.cybercity.dk>
http://www.cybercity.dk/support
Tlf 33 98 30 60
-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV@SECURITYFOCUS.COM]On Behalf Of Tiago Gava
Sent: 20. november 2000 06:04
To: VULN-DEV@SECURITYFOCUS.COM
Subject: En: ubb hole
----- Original Message -----
From: tdf
To: tgava@telespcelular.com.br
Sent: Monday, November 20, 2000 2:46 PM
Subject: ubb hole
-----------------------------------------------------------------------------------
Ultimate Bulletin Board - Private forums security hole, by tdf (tdf@linuxbr.com.br)
-----------------------------------------------------------------------------------
Well, I can see any open topic inside a private forum (password protected) WITHOUT having the password.
How? It's simple! Using the quote feature of the Ultimate Bulletin Board!
Look at this example:
http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0
Hmm, it's Infopop's help forum, using the last version of UBB (5.73)
This session of the forum is reserved for moderators only, and protected with a password.
Put this url in your web browser and see it with your own eyes!
I can see all open threads in this session of the forum just by changing the number of the xxxxx.cgi, and all its replies by changing replyto=XX
You noted that I can quote a msg without giving the password... The problem is there :)
c-ya!
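
The access-control gap reported in this thread, modelled as an added example that is not part of the original posts and is not UBB's code: one handler checks the forum password only on the viewing path, the other authorizes before dispatching any action. The parameter names `action`, `forum`, `topic` and `replyto` come from the URL in the report; the `view` action, the `password` parameter, the forum data and all function names are assumptions made for illustration.

```python
import hmac

# Constructed data: one password-protected forum holding one topic.
FORUMS = {"mods": {"private": True, "password": "s3cret-constructed",
                   "topics": {"000004": ["moderator-only text", "second reply"]}}}

class Denied(Exception):
    """Raised when a request lacks the password for a private forum."""

def authorize(forum_id, password):
    """Single access check for a forum; returns the forum or raises Denied."""
    forum = FORUMS[forum_id]
    if forum["private"] and not hmac.compare_digest(
            (password or "").encode(), forum["password"].encode()):
        raise Denied(forum_id)
    return forum

def quote_post(forum, topic, replyto):
    return "[QUOTE]" + forum["topics"][topic][int(replyto)] + "[/QUOTE]"

def handle_vulnerable(params):
    """Models the reported flaw: only the hypothetical 'view' action is checked."""
    if params["action"] == "view":
        forum = authorize(params["forum"], params.get("password"))
        return "\n".join(forum["topics"][params["topic"]])
    if params["action"] == "reply":
        forum = FORUMS[params["forum"]]  # no password check on the quote path
        return quote_post(forum, params["topic"], params["replyto"])
    raise ValueError("unknown action")

def handle_fixed(params):
    """Authorizes before dispatch, so no action reaches post data unchecked."""
    forum = authorize(params["forum"], params.get("password"))
    if params["action"] == "view":
        return "\n".join(forum["topics"][params["topic"]])
    if params["action"] == "reply":
        return quote_post(forum, params["topic"], params["replyto"])
    raise ValueError("unknown action")

def is_denied(handler, params):
    try:
        handler(params)
        return False
    except Denied:
        return True
```
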