NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-01

From: John Cantu (Jeianmyrealbox.com)
Date: Tue Jan 08 2002 - 17:06:00 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Released: January 8, 2002
By: Kernel jeian, Executive Officer, CyberArmy Exploit Research Team - http://www.exploitresearch.net
Advisory #1

---
There is a vulnerability in Allaire Forums, a popular web-board service. Through this vulnerability, it is possible to impersonate other users.
---
Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and editing the HIDDEN fields before posting, it is possible to impersonate another user.
---
We were unable to contact the maintainer of Allaire forums as of this writing.
---
Ker. jeian
XO, CyberArmy Exploit Research.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]