----- Original Message -----
From: tdf
To: tgava@telespcelular.com.br
Sent: Monday, November 20, 2000 2:46 PM
Subject: ubb hole
-----------------------------------------------------------------------------------
Ultimate Bulletin Board - Private forums security hole, by tdf (tdf@linuxbr.com.br)
-----------------------------------------------------------------------------------
Well, I can see any open topic inside a private forum (password protected) WITHOUT
having the password.
How? It's simple! Using the quote feature of the Ultimate Bulletin Board!
Look at this example:
http://www.scriptkeeper.com/cgi-bin/postings.cgi?action=reply&forum=tdf&number=21&topic=000004.cgi&TopicSubject=tdf&replyto=0
Hmm, it's an Infopop help forum, using the latest version of UBB (5.73)
This section of the forum is reserved for moderators only, and protected with a
password.
Put this url in your web browser and see it with your own eyes!
I can see all open threads in this section of the forum just by changing the number of
the xxxxx.cgi, and all its replies by changing replyto=XX
You noted that I can quote a msg without giving the password... The problem is there
:)
c-ya!
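
The gap described in the message above, modeled as an added example (not part of the original post and not UBB's code): a quote/reply handler that skips the forum password check, beside one that goes through the same gate as the topic view, plus a regression check that lists protected posts a handler returns without a password. The forum names, posts, password and function names are constructed for illustration.

```python
"""Model of the access-control gap in the advisory. Not UBB code; all data is constructed."""
import hmac

# Constructed sample board: one open forum, one password-protected forum.
FORUMS = {
    "public": {"password": None, "topics": {"000001": ["hello world"]}},
    "mods": {"password": "s3cret", "topics": {"000004": ["moderator-only note", "a reply"]}},
}


class Forbidden(Exception):
    """Raised when the caller may not read the requested forum."""


def authorize(forum_id, password):
    """Single gate that every read path must pass through."""
    forum = FORUMS[forum_id]
    required = forum["password"]
    if required is not None and (
        password is None or not hmac.compare_digest(required, password)
    ):
        raise Forbidden(forum_id)
    return forum


def reply_form_vulnerable(forum_id, topic, replyto, password=None):
    # Flaw class from the advisory: the quote path reads the post directly
    # and never consults the forum password.
    return "[QUOTE]" + FORUMS[forum_id]["topics"][topic][replyto] + "[/QUOTE]"


def reply_form_fixed(forum_id, topic, replyto, password=None):
    # Same read, routed through the gate used by the normal topic view.
    return "[QUOTE]" + authorize(forum_id, password)["topics"][topic][replyto] + "[/QUOTE]"


def unauthenticated_leaks(handler):
    """Regression check: protected posts a handler returns without a password."""
    leaks = []
    for forum_id, forum in FORUMS.items():
        if forum["password"] is None:
            continue
        for topic, posts in forum["topics"].items():
            for idx in range(len(posts)):
                try:
                    handler(forum_id, topic, idx)
                    leaks.append((forum_id, topic, idx))
                except Forbidden:
                    pass
    return leaks
```

Running `unauthenticated_leaks` against every handler that can return post text (view, reply, quote, edit, search) is the point of the check: the password gate only protects the paths that actually call it.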