Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: anyboard.htm

AnyBoard - Anyone can get admin password!!!



    Systems running Anyboard (


    Draz Q  published a  short summary  of problems  with a webrelated
    software in eurohack.  Basicly it sounds pretty much like a common
    CGI  problem.  It  does  not  give  user  or root access, only the
    ability to fake/modify just about anything showed by the program.

    After using the Anyboard Forum for a while Draz Q found a "little"
    (?) flaw in  it that allows  _anyone_ to get  the admin login  and
    password.   This is  because the  forum CFG  file is  available to
    anyone.  This, allows anyone to,

        - Delete messages in the forum (purge the whole forum)
        - Modify messages
        - Write messages as Admin
        - Change admin login and password
        - In short, do anything in the Message forum


    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH