Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability
From: "North Shore Internet" <advisories () northshoreinternet com au>
Date: Wed, 16 Feb 2005 13:50:34 -0800

[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability

Hello All,

This is my first post to bugtraq, Hope its worthwhile.

A bug has been found in the amihotornot.com.au gallery that lets a
registered user
modify other members gallery photo's.

Vulnerable Site: http://www.amihotornot.com.au


For this to work, you have to be a member yourself, membership
is free.


Where 1111 is the ID of the member.

All members recorded by amihotornot are assigned an auto-incrementing
identifier, This makes it easy to guess an entire range of valid members


Vulnerabilities found on: 16/02/2005

Administrator (s) informed on: Tried to contact them through the website
but the contact script was broken. and no other contact information was

Administrator (s) Fix: None as of yet


C. Saunders
advisories () northshoreinternet com au

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability North Shore Internet (Feb 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]