[23763] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Allaire Forums Vulnerability

daemon@ATHENA.MIT.EDU (John Cantu)
Wed Jan 9 14:21:25 2002

From: John Cantu <Jeian@myrealbox.com>
To: bugtraq@securityfocus.com
Date: Tue, 08 Jan 2002 18:06:00 -0500
MIME-Version: 1.0
Message-ID: <1010531160.50a6affaJeian@myrealbox.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit

Released: January 8, 2002
By: Kernel jeian, Executive Officer, CyberArmy Exploit Research Team - http://www.exploitresearch.net
Advisory #1
---
There is a vulnerability in Allaire Forums, a popular web-board service. Through this vulnerability, it is possible to impersonate other users.
---
Allaire forums use a HIDDEN tag to determine the name and e-mail address of the author. By saving the file to disk and editing the HIDDEN fields before posting, it is possible to impersonate another user.
---
We were unable to contact the maintainer of Allaire forums as of this writing.
---
Ker. jeian
XO, CyberArmy Exploit Research.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23763] in bugtraq

Allaire Forums Vulnerability

daemon@ATHENA.MIT.EDU (John Cantu)Wed Jan 9 14:21:25 2002

daemon@ATHENA.MIT.EDU (John Cantu)
Wed Jan 9 14:21:25 2002