Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability
From: "North Shore Internet" <advisories () northshoreinternet com au>
Date: Wed, 16 Feb 2005 13:50:34 -0800

[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability

Hello All,

This is my first post to bugtraq, Hope its worthwhile.

A bug has been found in the amihotornot.com.au gallery that lets a
registered user
modify other members gallery photo's.

Vulnerable Site: http://www.amihotornot.com.au


+-[Example:]----------------------------------------------------+

For this to work, you have to be a member yourself, membership
is free.

http://www.amihotornot.com.au/album/create_pictures.asp?gid=1111

Where 1111 is the ID of the member.

All members recorded by amihotornot are assigned an auto-incrementing
identifier, This makes it easy to guess an entire range of valid members
ID's.


+-[Notes:]------------------------------------------------------+

Vulnerabilities found on: 16/02/2005

Administrator (s) informed on: Tried to contact them through the website
but the contact script was broken. and no other contact information was
provided.

Administrator (s) Fix: None as of yet


Regards

C. Saunders
advisories () northshoreinternet com au
http://www.northshoreinternet.com.au

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability North Shore Internet (Feb 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]