Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: anyboa~1.txt

AnyBoard Forum security problems

Date: Sat, 24 Apr 1999 03:55:39 +0200
From: "Bluefish [@ home]" <11a@GMX.NET>
Subject: Anyboard ( problem's publicly discussed in eurohack

Draz Q published a short summary of problems with a webrelated software in
eurohack. Basicly it sounds pretty much like a common CGI problem. It
does not give user or root access, only the ability to fake/modify just
about anything showed by the program. However, in the parts left out by me
Draz Q mentiones a great many sites (including commercial sites) exposed
to the vulnarbility.

Anyboard Forum Security Hazard - POSTED ON  Eurohack and Radikal 23/04/99
by draz Q.
Anyboard by Netbula (

After using the Anyboard Forum at my own page ( for
a while I've found a "little" (?) flaw in it that allows _anyone_ to get
the admin login and password. This is because the forum CFG file is
available to anyone.

This, allows anyone to,
- Delete messages in the forum (purge the whole forum)
- Modify messages
- Write messages as Admin
- Change admin login and password
- In short, do anything in the Message forum

[] ealliance$ || 11a$

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH