Software PBLang 4.63 delpm.php authentication vulnerability

2005-03-01T00:00:00
ID SECURITYVULNS:DOC:7959
Type securityvulns
Reporter Securityvulns
Modified 2005-03-01T00:00:00

Description

[][][][][][][][][][][][][][][][][][][][][][][][][][] [][][]
[]
[] HRG - Hackerlounge Research Group [] Release: HRG009 [] Monday 03/01/05 [] Software PBLang 4.63 delpm.php authentication problem
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][] [][][]

Vulnerable: PBLang 4.63 (and earlier?)


General information:

PBLang is an international BBS-software based on PHP. It does not require any database but bases on a flatfile system. Many professional features. More info on the project website.


Description:

Anyone can delete anyone elses PM's as long as their logged in (as any user, really, doesn't need to be privileged). This could allow users to harass others and other stuff... Well, wreck havoc!


Proof Of Concept:

http://localhost/pblang/delpm.php?id=[PMID]&a=[Target user name]


Fix and Vendor status:

Vendor has been notified, expect official patch soon.


Greetz:

All the people at hackerlounge.com, JWT, TGS-Security.com and JWT-Security.net. Specifically:

Th3_R@v3n (me), Dlab, Riddick, Enjoi, Blademaster, Modzilla, Pingu, Jake Johnson, Afterburn, airo, cardiaC, chis, ComputerGeek, deep_phreeze, dudley, evasion, eXtacy, Mattewan, Afterburn, Thanatos_Starfire, Roz, Sirross, UmInAsHoE, Infinite, Slarty, NoUse, Snake (I hate you), Surreal (I hate you), -=Vanguard=-, The_IRS, puNKiey, driedice, Carnuss, oKiDaN, Mr.Mind, dementis, net-RIDER, voteforpedro, Cryptic_Override, kodaxx, ~CreEpy~NoDquE~, Brainscan, the_exode, phillysteak12345, DerrtyJake, =>HeX<=, m0rk, and anyone else I forgot.


Credit:

HRG - Hackerlounge Research Group http://www.Hackerlounge.com

[][][][][][][][][][][][][][][][][][][][][][][][][][] [][][]
[]
[] HRG - Hackerlounge Research Group [] Release: HRG009 [] Monday 03/01/05 [] Software PBLang 4.63 delpm.php authentication problem
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][] [][][]