TUCoPS :: Web :: General :: narrow~1.txt

Security flaw in

This requires that you already have a account.  Once you have an account
you can modify/view any of the other member's records.

I'm a member of and I recently stumbled across a
security flaw in there system.
When you login there is an option that allows you to modify your
account information. The address is****&location=534

If you simply change the hostid part to any 4 digit you are able to
access other peoples acccounts. You have their name, phone #, address,
password and login, site address and more. 

Sincerely, MaTT

