webevent.txt

`To whom it may concern,  
  
I found what seems to be a bug in a program called webevent   
(www.webevent.com). Webevent is a calander program that allows multiple   
users to post to, and read the calander. The bug comes in from the fact that   
you still have access to the perl file that is run when the administrator   
runs the program for the first time. Once you run this perl file, it asks   
you to enter in the admin info, e.g name, email, and....password. I've   
tested version we3.3.3, i found this version running at www.eosmith.org   
(you can access firsttime at   
www.eosmith.org/scripts/we3.3.3/webevent.pl?cmd=firsttime (this is used to   
change the admin info and pass) and   
www.eosmith.org/scripts/we3.3.3/webevent.pl?cmd=login to login. Perhaps   
earlier versions have the same problem. One way around this is to simply   
delete the firsttime.pl file after you configure webevent. I also wonder if   
this is a problem with whether you are using the .cgi extension or .pl   
extension....also, since you have access to write events once you get admin,   
i am looking into how you write to the server when you create and   
submitevents.  
_________________________________________________________________________  
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.  
  
Share information about yourself, create your own public profile at   
http://profiles.msn.com.  
  
`