Allaire Forums Vulnerability

From: John Cantu (Jeianat_private)
Date: Tue Jan 08 2002 - 15:06:00 PST

Next message: Obscure: "CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]"

Previous message: Tim Yardley: "RE: w00w00 on AIM Filter (Backdoors & SpyWare)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Released: January 8, 2002
By: Kernel jeian, Executive Officer, CyberArmy Exploit Research Team - http://www.exploitresearch.net
Advisory #1
---
There is a vulnerability in Allaire Forums, a popular web-board service. Through this vulnerability, it is possible to impersonate other users.
---
Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and editing the HIDDEN fields before posting, it is possible to impersonate another user.
---
We were unable to contact the maintainer of Allaire forums as of this writing.
---
Ker. jeian
XO, CyberArmy Exploit Research.

Next message: Obscure: "CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]"
Previous message: Tim Yardley: "RE: w00w00 on AIM Filter (Backdoors & SpyWare)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 11:17:54 PST