SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Forum/Board/Portal)  >   MegaBBS Vendors:   PD9 Software
MegaBBS Discloses Private Messages to Other Users
SecurityTracker Alert ID:  1015452
SecurityTracker URL:  http://securitytracker.com/id/1015452
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 9 2006
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.1 and prior
Description:   Hamid Ebadi reported a vulnerability in MegaBBS. A remote user can read the private messages of other users.

A remote user can exploit a flaw in the 'send-private-message.asp' function to view private messages belonging to other users by modifying the 'replyid' value.

A demonstration exploit URL is provided:

http://[target]/megabbs/send-private-message.asp?action=quote&toid=1&replyid=XXXX
Impact:   A remote user can view the private messages of another user.
Solution:   The vendor has issued a fix, available at:

http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924
Vendor URL:  www.pd9soft.com/megabbs-support/index.asp (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Sat, 7 Jan 2006 20:06:23 -0800 (PST)
Subject:  MegaBBS ASP Forum Software Vulnerabilities

MegaBBS ASP Forum Software Vulnerabilitie
A complete, fully featured ASP website system.
Includes an extremely powerful forum, calendars,
polls, and photo albums.
Best of all, it's completely free! Find out why
MegaBBS is one of the fastest growing ASP messaging
portals available today.http://www.pd9soft.com


Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team):admin@hamid.ir.
The original article can be found
at:http://hamid.ir/security

Vulnerable Systems:
MegaBBS  2.1 and below

A bug in the send-private-message funcationality has
been discovered that may disclose other members
private messages. 

example :
http://www.pd9soft.com/megabbs/send-private-message.asp?action=quote&toid=1&replyid=XXXX
you can change replyid value and read other users
messages (-: 



patch & advisory
http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924
and update "send-private-message.asp"


Signature
 



		
__________________________________________ 
Yahoo! DSL – Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC