Clever Copy readpm.php Arbitrary User Message Manipulation

ID OSVDB:18509
Type osvdb
Reporter Lostmon Lords
Modified 2005-07-27T05:20:33


Vulnerability Description

Clever Copy contains a flaw that may allow a malicious user to manipulate arbitrary user messages. The issue is triggered when an attacker manipulates the URL to access a message. This flaw may lead to a loss of confidentiality and integrity.

Technical Description

An attacker must supply valid authentication credentials in order to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Clever Copy readpm.php Arbitrary User Message Manipulation.

Manual Testing Notes

http://[victim]/readpm.php?op=read&ID=2&name=pruebas&user=waltrapass
http://[victim]/readpm.php?op=read&ID=2&user=waltrapass
http://[victim]/readpm.php?op=del&ID=2&name=pruebas&user=waltrapass
http://[victim]/readpm.php?op=del&ID=2&user=waltrapass
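With no fix listed, reviewing web server logs for this request pattern is one way to spot abuse. The following is an added example, not part of the original advisory: it reads access-log lines and reports clients whose readpm.php requests (op=read or op=del) named more than one mailbox owner in the user parameter. The log format (Common Log Format), the sample lines, the function names and the "more than one distinct user value per client" heuristic are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Jul/2005:05:01:02 +0000] "GET /readpm.php?op=read&ID=2&name=alice&user=alice HTTP/1.1" 200 812
192.0.2.10 - - [27/Jul/2005:05:01:09 +0000] "GET /readpm.php?op=del&ID=2&name=alice&user=alice HTTP/1.1" 200 301
198.51.100.7 - - [27/Jul/2005:05:02:11 +0000] "GET /readpm.php?op=read&ID=5&user=bob HTTP/1.1" 200 790
198.51.100.7 - - [27/Jul/2005:05:02:15 +0000] "GET /readpm.php?op=read&ID=2&user=alice HTTP/1.1" 200 812
198.51.100.7 - - [27/Jul/2005:05:02:19 +0000] "GET /readpm.php?op=del&ID=2&user=alice HTTP/1.1" 200 301
203.0.113.4 - - [27/Jul/2005:05:03:00 +0000] "GET /index.php HTTP/1.1" 200 4096
"""

# client address, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def mailbox_access_by_client(log_text):
    """Map client address -> {user value: set of (op, ID)} for readpm.php requests."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/readpm.php"):
            continue
        q = parse_qs(url.query)
        op = q.get("op", [""])[0].lower()
        if op not in ("read", "del"):
            continue
        user = q.get("user", [""])[0]
        seen[client][user].add((op, q.get("ID", [""])[0]))
    return seen

def suspicious_clients(log_text):
    """Clients whose requests named more than one mailbox owner in `user`."""
    return {c: {u: sorted(ops) for u, ops in users.items()}
            for c, users in mailbox_access_by_client(log_text).items()
            if len(users) > 1}

if __name__ == "__main__":
    for client, users in suspicious_clients(SAMPLE_LOG).items():
        print(client, users)
```

Shared addresses (NAT, proxies) will also show several user values, so a hit is a lead to correlate with session data rather than proof of abuse.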


Vendor URL:
Secunia Advisory ID: 16236
Other Advisory URL:
ISS X-Force ID: 21619
Bugtraq ID: 14397