[VulnWatch] `admin' bug in upb

From: GooDWiN (badwinat_private)
Date: Sun Aug 25 2002 - 07:20:13 PDT


    product: Ultimate PHP Board (UPB) 
    version: Public Beta 1.0b !!FIXED 
    vendor: http://www.webrc.ca/php/upb.php
    status: notified
    
    ------------------------------------------------
    summary: upb allows two `admin' accounts to exist, 
    but with different access levels. this may 
    be applied in spoofing attacks. 
    ------------------------------------------------
     i registered the `admin' account during the install procedure. it has 
    `Admin' permissions. later i registered `admin' again the normal way (via 
    register.php) and upb did not output any error. but THIZ `admin' has `member' 
    permissions. 
    
    solution (from ewgenij_sat_private)
    ---------
    
    in register.php replace 
    
          $c = count($d)-2; 
    
          with 
    
          $c = count($d)-1; 
    
    
    regardz,
    GooDWiN /tF0KP
    ----------------------------
    www.security-ru.net
    
    ___________________________
    origin: i'm not a lame,
             not yet a hacker ))
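
Why a one-character change to the loop bound closes the duplicate `admin' registration, shown as an added example that is not UPB's code or part of the original post. The record format (`name|level`, one per line with a trailing newline), the function names and the loop shape are assumptions; only the two `$c = count($d)-N;` lines come from the advisory.

```php
<?php
// Added illustration, not UPB source. Assumed store format: one "name|level"
// record per line with a trailing newline, so explode() on "\n" always yields
// a final empty element after the last real record.

/** True if $name matches one of the first $c records of $d. */
function name_taken(array $d, int $c, string $name): bool
{
    for ($i = 0; $i < $c; $i++) {
        if (explode('|', $d[$i])[0] === $name) {
            return true;
        }
    }
    return false;
}

/** Append $name as a member unless the duplicate check rejects it. */
function register(string $db, string $name, int $offset): string
{
    $d = explode("\n", $db);
    $c = count($d) - $offset;   // 2 = line quoted as vulnerable, 1 = fix
    // With offset 2 the last real record is never compared. Right after
    // install that record is the only one: the Admin-level `admin'.
    return name_taken($d, $c, $name) ? $db : $db . $name . "|member\n";
}

/** Audit helper: names that occur more than once in an existing store. */
function duplicate_names(string $db): array
{
    $names = [];
    foreach (explode("\n", trim($db)) as $line) {
        $names[] = explode('|', $line)[0];
    }
    $counts = array_count_values($names);
    return array_keys(array_filter($counts, fn($n) => $n > 1));
}

// Constructed sample: the store as it would look straight after install.
$fresh = "admin|Admin\n";

$buggy = register($fresh, 'admin', 2);
$fixed = register($fresh, 'admin', 1);

echo "count(\$d)-2:\n", $buggy;
echo "duplicates: ", implode(',', duplicate_names($buggy)), "\n";
echo "count(\$d)-1:\n", $fixed;
echo "duplicates: ", implode(',', duplicate_names($fixed)), "\n";
```

Changing the bound only stops new duplicates; a store written by the unpatched check still needs an audit like `duplicate_names()` to find any that were already registered.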
    
    
    



    This archive was generated by hypermail 2b30 : Sun Aug 25 2002 - 10:19:42 PDT