Category:   Application (Forum/Board/Portal)  >   Ultimate PHP Board
Vendors:   Hoeppner, Tim
Ultimate PHP Board Counter Error in 'register.php' Lets a Remote User Register With an Account Named 'admin'
SecurityTracker Alert ID:  1005136
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 25 2002
Impact:   Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.0b !!FIXED
Description:   A vulnerability was reported in Ultimate PHP Board (UPB). A remote user could spoof the administrator account.

It is reported that the system permits two accounts with the name 'admin' to exist. The original 'admin' account, which is set up during installation, will have 'Admin' privileges. Also, a remote user can register an account named 'admin' that will have ordinary 'member' privileges. The remote user with this account cannot administer the account, but could post or send messages that will appear to come from the valid 'admin' account.

[Editor's note: The vulnerable version is called, oddly enough, '1.0b !!FIXED'. According to this report, it is not fixed with regard to this vulnerability.]

Impact:   A remote user could register an ordinary member account with the name 'admin' to send spoofed messages appearing to originate from the administrator.
Solution:   No solution was available at the time of this entry.

The author of the report has provided the following solution (apparently from ewgenij_s at

in register.php change

$c = count($d)-2;

to

$c = count($d)-1;
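
An added illustration (not UPB's code and not from the report) of how a loop bound like the one above can let a duplicate name through. The flat-file layout, the function names and the loop shape are assumptions; only the count($d)-2 versus count($d)-1 expression comes from the advisory.

```php
<?php
// Constructed sample data: one record per line, newline-terminated,
// in an assumed "name|level" layout (not taken from UPB's source).
const FRESH_INSTALL = "admin|Admin\n";
const WITH_MEMBERS  = "admin|Admin\nalice|member\nbob|member\n";

// Hypothetical duplicate-name check; $offset is the value subtracted
// from count($d), i.e. 2 before the fix and 1 after it.
function name_taken(string $db, string $name, int $offset): bool
{
    $d = explode("\n", $db);      // trailing newline => last element is ""
    $c = count($d) - $offset;     // the line the advisory's fix changes
    for ($i = 0; $i < $c; $i++) {
        $fields = explode('|', $d[$i]);
        if ($fields[0] === $name) {
            return true;
        }
    }
    return false;
}

// Bound-free variant: skip blank lines instead of computing a count,
// and compare case-insensitively so 'Admin' also collides with 'admin'.
function name_taken_hardened(string $db, string $name): bool
{
    foreach (explode("\n", $db) as $line) {
        if ($line === '') {
            continue;
        }
        if (strcasecmp(explode('|', $line)[0], $name) === 0) {
            return true;
        }
    }
    return false;
}

// Print what each variant reports for the newest record and for 'admin'.
foreach (['fresh install' => FRESH_INSTALL, 'with members' => WITH_MEMBERS] as $label => $db) {
    foreach (['admin', 'bob'] as $name) {
        printf("%-13s %-5s  -2:%s  -1:%s  hardened:%s\n", $label, $name,
            var_export(name_taken($db, $name, 2), true),
            var_export(name_taken($db, $name, 1), true),
            var_export(name_taken_hardened($db, $name), true));
    }
}
```

Under these assumptions the -2 bound never inspects the most recently written record, which on a fresh install is the 'admin' account created by the installer.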

Vendor URL: (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [VulnWatch] `admin' bug in upb

product: Ultimate PHP Board (UPB) 
version: Public Beta 1.0b !!FIXED 
status: notified

summary: upb allows two `admin' accounts to exist,
but with different access levels. it may
apply to spoofing attacks.
 i registered the `admin' account during the install procedure. it has
`Admin' permissions. later i registered `admin' again the normal way (via
register.php) and upb didn't output any error. but THIZ `admin' has a `member'

solution (from

in register.php change

      $c = count($d)-2;

to

      $c = count($d)-1;

GooDWiN /tF0KP

origin: i'm not a lame,
         not yet a hacker ))


