ubpbbs.txt

2002-08-29T00:00:00
ID PACKETSTORM:29480
Type packetstorm
Reporter Goodwin
Modified 2002-08-29T00:00:00

Description

                                        
product: Ultimate PHP Board (UPB)   
version: Public Beta 1.0b !!FIXED   
vendor: http://www.webrc.ca/php/upb.php  
status: notified  
  
------------------------------------------------  
summary: UPB allows two `admin' accounts to exist,
but with different access levels. It may be
applied in spoofing attacks.
------------------------------------------------  
I registered the `admin' account during the install procedure. It has
`Admin' permissions. Later I registered `admin' again the normal way (via
register.php) and UPB did not output any error. But THIZ `admin' has `member'
permissions.
  
solution (from ewgenij_s@gmx.de)  
---------  
  
In register.php, replace
  
$c = count($d)-2;   
  
with   
  
$c = count($d)-1;   
  
  
regardz,  
GooDWiN /tF0KP  
----------------------------  
www.security-ru.net  
  
___________________________  
origin: i'm not a lame,  
not yet a hacker ))  
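
An added illustration (not UPB's code and not from the advisory's author) of how a loop bound like the one in the fix above can leave a record unchecked during the duplicate-name test, plus a small audit for duplicates already in a store. The `name|level` record format, the trailing-newline layout and the functions name_taken, register and duplicate_names are assumptions made for this sketch; UPB's actual register.php is not shown on this page.

```php
<?php
// Added illustration, not UPB's code. Assumed store: "name|level" per line,
// file ends with a newline (so explode() yields a trailing empty element).

function name_taken(string $db, string $name, int $offset): bool
{
    $d = explode("\n", $db);
    $c = count($d) - $offset;          // loop bound, like $c in the advisory
    for ($i = 0; $i < $c; $i++) {
        if (explode("|", $d[$i])[0] === $name) {
            return true;
        }
    }
    return false;
}

function register(string $db, string $name, int $offset): string
{
    if (name_taken($db, $name, $offset)) {
        return $db;                    // rejected, store unchanged
    }
    return $db . $name . "|member\n";  // new accounts get the member level
}

// Audit helper: names that occur more than once in an existing store.
function duplicate_names(string $db): array
{
    $names = [];
    foreach (explode("\n", trim($db)) as $line) {
        $names[] = explode("|", $line)[0];
    }
    $counts = array_count_values($names);
    return array_keys(array_filter($counts, fn($n) => $n > 1));
}

// Constructed sample: state right after install, only the admin record exists.
$db = "admin|Admin\n";

$before = register($db, "admin", 2);   // bound count($d)-2: loop runs 0 times
$after  = register($db, "admin", 1);   // bound count($d)-1: record 0 is compared

echo "count-2 bound:\n", $before;
echo "duplicates: ", implode(",", duplicate_names($before)), "\n";
echo "count-1 bound:\n", $after;
echo "duplicates: ", implode(",", duplicate_names($after)), "\n";
```

Under the assumed layout, the smaller bound never compares the single record written at install time, so a second `admin' is appended with the member level; the audit helper flags it.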
  
  