Message-ID: <20050301004612.13138.qmail@www.securityfocus.com>
Date: 1 Mar 2005 00:46:12 -0000
From: Raven <raven@...-security.com>
To: bugtraq@...urityfocus.com
Subject: Software PBLang 4.63 delpm.php authentication vulnerability

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG009
[] Monday 03/01/05
[] Software PBLang 4.63 delpm.php authentication problem
[]
[] The author can't be held responsible for any damage
[] done by a reader. You have your own responsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

Vulnerable: PBLang 4.63 (and earlier?)

---
General information:
PBLang is an international BBS-software based on PHP. It does not require any database but is based on a flatfile system. Many professional features. More info on the project website.

---
Description:
Anyone can delete anyone else's PMs as long as they're logged in (as any user, really, doesn't need to be privileged). This could allow users to harass others and other stuff... Well, wreak havoc!

---
Proof Of Concept:
http://localhost/pblang/delpm.php?id=[PMID]&a=[Target user name]

---
Fix and Vendor status:
Vendor has been notified, expect official patch soon.

---
Greetz:
All the people at hackerlounge.com, JWT, TGS-Security.com and JWT-Security.net. Specifically: Th3_R@v3n (me), Dlab, Riddick, Enjoi, Blademaster, Modzilla, Pingu, Jake Johnson, Afterburn, airo, cardiaC, chis, ComputerGeek, deep_phreeze, dudley, evasion, eXtacy, Mattewan, Afterburn, Thanatos_Starfire, Roz, Sirross, UmInAsHoE, Infinite, Slarty, NoUse, Snake (I hate you), Surreal (I hate you), -=Vanguard=-, The_IRS, puNKiey, driedice, Carnuss, oKiDaN, Mr.Mind, dementis, net-RIDER, voteforpedro, Cryptic_Override, kodaxx, ~CreEpy~NoDquE~, Brainscan, the_exode, phillysteak12345, DerrtyJake, =>HeX<=, m0rk, and anyone else I forgot.

---
Credit:
HRG - Hackerlounge Research Group
http://www.Hackerlounge.com
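
The missing ownership check described in the advisory, shown beside a corrected handler. This is an added example, not part of the original post and not PBLang's code: the function names, the `$session['user']` key and the in-memory mailbox array are hypothetical stand-ins, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for a per-user PM store (not PBLang's real layout).
function sample_store(): array {
    return ['alice' => [1 => 'hello', 2 => 'meeting at 5'], 'bob' => [1 => 'hi alice']];
}

// Pattern the advisory describes: the mailbox owner comes from the request
// parameter "a"; being logged in as anyone is the only condition.
function delete_pm_unchecked(array $session, array $query, array &$store): bool {
    if (empty($session['user'])) {
        return false;
    }
    $owner = (string)($query['a'] ?? '');
    $id    = (int)($query['id'] ?? 0);
    if (!isset($store[$owner][$id])) {
        return false;
    }
    unset($store[$owner][$id]);
    return true;
}

// Hardened: the owner is taken from the server-side session only; a
// mismatching "a" is rejected and logged so probing shows up in the logs.
function delete_pm_checked(array $session, array $query, array &$store): bool {
    $user = $session['user'] ?? null;
    if (!is_string($user) || $user === '') {
        return false;
    }
    if (isset($query['a']) && $query['a'] !== $user) {
        error_log("delpm: {$user} requested deletion in another mailbox");
        return false;
    }
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($store[$user][$id])) {
        return false;
    }
    unset($store[$user][$id]);
    return true;
}

$session = ['user' => 'bob'];              // constructed: bob is the logged-in user
$query   = ['id' => '2', 'a' => 'alice'];  // constructed: request names alice's mailbox
$s1 = sample_store();
var_dump(delete_pm_unchecked($session, $query, $s1), isset($s1['alice'][2]));
$s2 = sample_store();
var_dump(delete_pm_checked($session, $query, $s2), isset($s2['alice'][2]));
```

A production handler would also accept the deletion only as a POST carrying an anti-CSRF token, since a state-changing GET can be triggered from any page the logged-in user visits.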