OpenBB moderator.php Unauthorized Administrator Access

2002-05-23T00:00:00
ID OSVDB:5662
Type osvdb
Reporter Frog Man (leseulfrog@hotmail.com)
Modified 2002-05-23T00:00:00

Description

Vulnerability Description

OpenBB contains a flaw that may allow a remote attacker to gain unauthorized administrative access. The issue is due to the moderator.php script not properly validating user input, which allows administrative commands to be executed.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


Manual Testing Notes

http://[victim]/moderator.php?action=lock&TID=FORUMID&ismod=1
http://[victim]/moderator.php?action=lock&TID=FORUMID&ismod=1&status=1

References:

Vendor URL: http://www.openbb.com
Other Advisory URL: http://www.ifrance.com/kitetoua/tuto/OpenBB.txt
Mail List Post: http://marc.theaimsgroup.com/?l=vuln-dev&m=102221487407632&w=2
ISS X-Force ID: 9160
Bugtraq ID: 4823