[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] [NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability



[NORTHSHOREINTERNET.COM.AU: #1] amihotornot.com.au vulnerability

Hello All,

This is my first post to bugtraq, Hope its worthwhile.

A bug has been found in the amihotornot.com.au gallery that lets a
registered user
modify other members gallery photo's.

Vulnerable Site: http://www.amihotornot.com.au


+-[Example:]----------------------------------------------------+

For this to work, you have to be a member yourself, membership
is free.

http://www.amihotornot.com.au/album/create_pictures.asp?gid=1111

Where 1111 is the ID of the member.

All members recorded by amihotornot are assigned an auto-incrementing
identifier, This makes it easy to guess an entire range of valid members
ID's.


+-[Notes:]------------------------------------------------------+

Vulnerabilities found on: 16/02/2005

Administrator (s) informed on: Tried to contact them through the website
but the contact script was broken. and no other contact information was
provided.

Administrator (s) Fix: None as of yet


Regards

C. Saunders
advisories@xxxxxxxxxxxxxxxxxxxxxxxxx
http://www.northshoreinternet.com.au

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html