Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14899
HistoryNov 02, 2006 - 12:00 a.m.

[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability

2006-11-0200:00:00
vulners.com
90
JSON

Debug mode is a feature in IPB 2.0.0-2.1.7 that shows
all database queries for each forum page requested.

If Debug mode is turned on, it is possible for anyone
to request a forgotten password for an account, and
capture the validation key that is sent to the
account's email address. This allows an attacker to
change anyone's password without having access to the
email account.

Through debug mode, it is also possible to bypass
captcha protection used to block bot actions(such as
automated registration), and table names can also be
discovered.

Debug mode is turned off by default, yet there are no
security warnings regarding this feature. It is best
to keep it off at all times.

Everyone is raving about the all-new Yahoo! Mail
(http://advision.webevents.yahoo.com/mailbeta/)

JSON