SECURITYVULNS:DOC:954
Nov 21, 2000 - 12:00 a.m.

En: ubb hole

----- Original Message -----
From: tdf
To: [email protected]
Sent: Monday, November 20, 2000 2:46 PM
Subject: ubb hole


Ultimate Bulletin Board - Private forums security hole, by tdf ([email protected])

Well, I can see any open topic inside a private forum (password protected) WITHOUT
having the password.
How? It's simple! Using the quote feature of the Ultimate Bulletin Board!

Look at this example:

http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0

Hmm, it's an Infopop help forum, using the latest version of UBB (5.73).
This session of the forum is reserved for moderators only, and protected with a
password.

Put this URL in your web browser and see it with your own eyes!
I can see all open threads in this session of the forum just by changing the number of
the xxxxx.cgi, and all their replies by changing replyto=XX

You noted that I can quote a msg without giving the password… The problem is there :)

c-ya!
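
A constructed model of the access-control gap the message describes, added here as an example and not UBB's own code: the forum password is checked on the view path but not on the reply path that quotes the post, next to a handler that authorizes before dispatch. The forum data, function names and the placement of the check are assumptions made for illustration.

```python
# Constructed model, not UBB code. All names and data here are hypothetical.
import hmac

FORUMS = {
    "public": {"password": None, "topics": {"000001": ["hello world"]}},
    "mods": {"password": "s3cret",
             "topics": {"000004": ["moderators only", "a reply"]}},
}


class Forbidden(Exception):
    pass


def authorized(forum, supplied):
    """True if the forum is open or the supplied password matches."""
    expected = FORUMS[forum]["password"]
    if expected is None:
        return True
    return supplied is not None and hmac.compare_digest(
        expected.encode(), supplied.encode())


def load_post(forum, topic, index):
    return FORUMS[forum]["topics"][topic][index]


def handle_vulnerable(action, forum, topic, replyto=0, password=None):
    # The check lives only in the "view" branch; "reply" quotes the post
    # into the form without it, matching the behaviour the message reports.
    if action == "view":
        if not authorized(forum, password):
            raise Forbidden(forum)
        return load_post(forum, topic, replyto)
    if action == "reply":
        return "[quote]" + load_post(forum, topic, replyto) + "[/quote]"
    raise ValueError(action)


def handle_fixed(action, forum, topic, replyto=0, password=None):
    # Authorize once, before dispatch, so every action that reads post
    # content inherits the check, including actions added later.
    if not authorized(forum, password):
        raise Forbidden(forum)
    if action == "view":
        return load_post(forum, topic, replyto)
    if action == "reply":
        return "[quote]" + load_post(forum, topic, replyto) + "[/quote]"
    raise ValueError(action)
```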