Bugtraq mailing list archives
php-fusion 4.x vuln
From: <thegreatone2176 () yahoo com>
Date: 8 Feb 2005 10:27:56 -0000
TheGreatOne2176, Reapercore I have a found an error in php-fusion 4.x where you can view any thread on the forum. In fusion_forum/viewthread.php the $_GET variables arent properly checked or queried making it possible to view all threads. The example I tested was fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2 forum_id and forum_cat are not valid id's making the script skip them entirely. So the error comes in since each thread is assigned a certain integer (thread_id for this script) and since the category checks were being skipped, I could just browse the forum by picking a thread_id. I went number by number and could view all of the threads in the protected forums.
Current thread:
- php-fusion 4.x vuln thegreatone2176 (Feb 08)