|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: GooDWiN (badwin_at_rambler.ru)
Date: Sun Aug 25 2002 - 09:20:13 CDT
product: Ultimate PHP Board (UPB)
version: Public Beta 1.0b !!FIXED
vendor: http://www.webrc.ca/php/upb.php
status: notified
------------------------------------------------
summary: upb allow to have two `admin' accounts,
but witn different access levels. its may
aply with spoofing attacks.
------------------------------------------------
i have been register `admin' account within install procedure. it is have
`Admin' permissions. later i was register `admin' again with normal way (via
register.php) and upb dont output some error. but THIZ `admin' have a `member'
permissions.
solution (from ewgenij_s
gmx.de)
---------
in register.php change
$c = count($d)-2;
with
$c = count($d)-1;
regardz,
GooDWiN /tF0KP
----------------------------
www.security-ru.net
___________________________
origin: i'm not a lame,
not yet a hacker ))
---- http://www.rambler.ru
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]