[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability
- To: <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability
- From: "North Shore Internet" <advisories@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Feb 2005 13:50:34 -0800
[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability
Hello All,
This is my first post to bugtraq, Hope its worthwhile.
A bug has been found in the amihotornot.com.au gallery that lets a
registered user
modify other members gallery photo's.
Vulnerable Site: http://www.amihotornot.com.au
+-[Example:]----------------------------------------------------+
For this to work, you have to be a member yourself, membership
is free.
http://www.amihotornot.com.au/album/create_pictures.asp?gid=1111
Where 1111 is the ID of the member.
All members recorded by amihotornot are assigned an auto-incrementing
identifier, This makes it easy to guess an entire range of valid members
ID's.
+-[Notes:]------------------------------------------------------+
Vulnerabilities found on: 16/02/2005
Administrator (s) informed on: Tried to contact them through the website
but the contact script was broken. and no other contact information was
provided.
Administrator (s) Fix: None as of yet
Regards
C. Saunders
advisories@xxxxxxxxxxxxxxxxxxxxxxxxx
http://www.northshoreinternet.com.au
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html