Web Wiz Forum 6.34/7.0/7.5 - Unauthorized Private Forum Access Vulnerability

2003-11-03T00:00:00
ID EDB-ID:23331
Type exploitdb
Reporter Alexander Antipov
Modified 2003-11-03T00:00:00

Description

Web Wiz Forum 6.34/7.0/7.5 Unauthorized Private Forum Access Vulnerability. CVE-2003-1176. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/8957/info

A vulnerability has been reported in Web Wiz Forum that could allow unauthorized access to private forums. The problem occurs when handling malformed requests that make use of 'quote' mode. When this mode is used, Web Wiz Forum will allegedly fail to carry out sufficient checks between the requested forum and message. As a result, an attacker could potentially read or write to a private forum.

http://www.example.com/post_message_form.asp?mode=quote&PID=1111&FID=1&TID=11&TPN=1