Computer Security

Security Advisory: Personal Sticky Threads v1.0.3c vbulletin Add-on problem
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  joomla com_lowcosthotels sql injection

  PHP-Fusion Mod TI - Blog System Sql Injection

From:xl4nothing_(at)_gmail.com <xl4nothing_(at)_gmail.com>
Date:26.12.2008
Subject:Personal Sticky Threads v1.0.3c vbulletin Add-on problem


Personal Sticky Threads is an addon for vbulletin that allows users to create personal stickies. There appears to be a small problem when toggling the personal sticky on a thread you do not have persmission to access.

If I am denied persmission to:

http://forums.somesite.com/showthread.php?t=7

Toggling personal stickies for the thread to on I am able to view the thread title, author, and pages:

http://forums.somesite.com/misc.php?do=togglestick&thread=47

This does not allow me access to the thread but does display information not intended to be viewed by me :)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru