
List:       vuln-dev
Subject:    Re: ubb hole
From:       Tiago Gava <tgava () TELESPCELULAR ! COM ! BR>
Date:       2000-11-21 9:52:17

The bug was confirmed by the authors and fixed today.
  ----- Original Message ----- 
  From: Knud Erik Højgaard - CyberCity Support 
  To: Tiago Gava ; VULN-DEV@SECURITYFOCUS.COM 
  Sent: Tuesday, November 21, 2000 10:05 AM
  Subject: RE: ubb hole


  funny enough, on the page they state that they're running Ultimate Bulletin Board Version 5.47a

  quick fix perhaps? (the authentication fails..)

  sincerely

  Knud Erik Højgaard <knud@cybercity.dk>
  Cybercity Erhvervssupport <support@erhverv.cybercity.dk>
  http://www.cybercity.dk/support
  Tlf 33 98 30 60 

    -----Original Message-----
    From: VULN-DEV List [mailto:VULN-DEV@SECURITYFOCUS.COM] On Behalf Of Tiago Gava
    Sent: 20. november 2000 06:04
    To: VULN-DEV@SECURITYFOCUS.COM
    Subject: En: ubb hole



    ----- Original Message ----- 
    From: tdf 
    To: tgava@telespcelular.com.br 
    Sent: Monday, November 20, 2000 2:46 PM
    Subject: ubb hole


    -----------------------------------------------------------------------------------
    Ultimate Bulletin Board - Private forums security hole, by tdf (tdf@linuxbr.com.br)
    -----------------------------------------------------------------------------------


    Well, I can see any open topic inside a private forum (password protected) WITHOUT having the password. How? It's simple! Using the quote feature of the Ultimate Bulletin Board!

    Look at this example:


    http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0



    Hmm, it's Infopop's help forum, using the latest version of UBB (5.73).
    This session of the forum is reserved for moderators only, and protected with a password.

    Put this URL in your web browser and see it with your own eyes!
    I can see all open threads in this session of the forum just by changing the number of the xxxxx.cgi, and all its replies by changing replyto=XX.

    You noted that I can quote a msg without giving the password... The problem is there :)

    c-ya!
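The flaw tdf reports is an authorization check tied to one action ("view" asks for the forum password) while another action that also reads topic content ("reply", which quotes the post being answered) never consults it. The following is an added illustration in Python, not UBB's own Perl code and not part of this thread: a dispatcher with the per-action check beside one that resolves the forum and decides authorization once, before any content-reading action runs. Forum names, topic files, the password and the request parameters are all constructed for the demonstration.

```python
"""Added example, not UBB's code: a forum-access check applied per action
(the pattern the report describes) next to one applied per forum before
any action can read topic content. All data here is constructed."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Forum:
    name: str
    password: Optional[str]                 # None: public forum
    topics: Dict[str, List[str]] = field(default_factory=dict)  # topic file -> posts


# Constructed sample data: one public forum and one password-protected one.
FORUMS = {
    "general": Forum("general", None, {"000001.cgi": ["hello world"]}),
    "moderators": Forum("moderators", "s3cret",
                        {"000004.cgi": ["ban list draft", "first reply"]}),
}

DENIED = "DENIED"


def authorized(forum: Forum, presented: Optional[str]) -> bool:
    """Public forums are readable by anyone; private ones need a matching password."""
    if forum.password is None:
        return True
    return presented is not None and hmac.compare_digest(forum.password, presented)


def vulnerable_postings(params: dict, presented: Optional[str]) -> str:
    """Mirrors the reported flaw: only 'view' consults the forum password,
    while 'reply' loads and quotes the target post with no check at all."""
    forum = FORUMS[params["forum"]]
    posts = forum.topics[params["topic"]]
    if params["action"] == "view":
        if not authorized(forum, presented):
            return DENIED
        return "\n".join(posts)
    if params["action"] == "reply":
        # The quote feature reads the post being replied to before any check.
        return "> " + posts[int(params["replyto"])]
    return DENIED


CONTENT_ACTIONS = {"view", "reply"}


def hardened_postings(params: dict, presented: Optional[str]) -> str:
    """Resolve the forum, decide authorization once, and only then run the
    action; unknown forums, topics, posts and actions are refused uniformly."""
    forum = FORUMS.get(params.get("forum", ""))
    action = params.get("action")
    if forum is None or action not in CONTENT_ACTIONS:
        return DENIED
    # Every content-reading action passes through the same gate, so an
    # action added later cannot silently skip it.
    if not authorized(forum, presented):
        return DENIED
    posts = forum.topics.get(params.get("topic", ""))
    if posts is None:                      # the topic must belong to this forum
        return DENIED
    if action == "view":
        return "\n".join(posts)
    try:
        return "> " + posts[int(params.get("replyto", "0"))]
    except (ValueError, IndexError):
        return DENIED


if __name__ == "__main__":
    quote_request = {"action": "reply", "forum": "moderators",
                     "topic": "000004.cgi", "replyto": "0"}
    print("vulnerable, no password:", vulnerable_postings(quote_request, None))
    print("hardened,   no password:", hardened_postings(quote_request, None))
    print("hardened, with password:", hardened_postings(quote_request, "s3cret"))
```

The design point is where the gate sits: in the hardened version the forum is looked up and authorized before the action is even dispatched, and the topic is looked up through that forum's own table, so a topic file from a private forum cannot be reached by naming a different forum in the request. A new action that reads content inherits the check instead of having to remember it.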




     
     

