[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

php-fusion 4.x vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: php-fusion 4.x vuln
From: <thegreatone2176@xxxxxxxxx>
Date: 8 Feb 2005 10:27:56 -0000


TheGreatOne2176, Reapercore

I have a found an error in php-fusion 4.x where you can view any thread on the 
forum.

In fusion_forum/viewthread.php the $_GET variables arent properly checked or 
queried making it possible to view all threads. The example I tested was

fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2

forum_id and forum_cat are not valid id's making the script skip them entirely. 
 So the error comes in since each thread is assigned a certain integer 
(thread_id for this script) and since the category checks were being skipped, I 
could just browse the forum by picking a thread_id. I went number by number and 
could view all of the threads in the protected forums.

Prev by Date: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability
Next by Date: RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
Previous by thread: Re: iDEFENSE Security Advisory 02.07.05: IBM AIX chdev Local Format String Vulnerability
Next by thread: RE: International Domain Name [IDN] - browser-level fix (not network.enableIDN)
Index(es):
- Date
- Thread