SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   MegaBBS Vendors:   PD9 Software
MegaBBS Discloses Private Messages to Other Users
SecurityTracker Alert ID:  1015452
SecurityTracker URL:  http://securitytracker.com/id/1015452
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 9 2006
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.1 and prior
Description:   Hamid Ebadi reported a vulnerability in MegaBBS. A remote user can read the private messages of other users.

A remote user can exploit a flaw in the 'send-private-message.asp' function to view private messages belonging to other users by modifying the 'replyid' value.

A demonstration exploit URL is provided:

http://[target]/megabbs/send-private-message.asp?action=quote&toid=1&replyid=XXXX

Impact:   A remote user can view the private messages of another user.
Solution:   The vendor has issued a fix, available at:

http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924

Vendor URL:  www.pd9soft.com/megabbs-support/index.asp (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  MegaBBS ASP Forum Software Vulnerabilities

MegaBBS ASP Forum Software Vulnerabilitie
A complete, fully featured ASP website system.
Includes an extremely powerful forum, calendars,
polls, and photo albums.
Best of all, it's completely free! Find out why
MegaBBS is one of the fastest growing ASP messaging
portals available today.http://www.pd9soft.com


Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team):admin@hamid.ir.
The original article can be found
at:http://hamid.ir/security

Vulnerable Systems:
MegaBBS  2.1 and below

A bug in the send-private-message funcationality has
been discovered that may disclose other members
private messages. 

example :
http://www.pd9soft.com/megabbs/send-private-message.asp?action=quote&toid=1&replyid=XXXX
you can change replyid value and read other users
messages (-: 



patch & advisory
http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924
and update "send-private-message.asp"


Signature
 



		
__________________________________________ 
Just $16.99/mo. or less. 
dsl.yahoo.com 
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC