Vulnerability

Anyboard

Affected

Systems running Anyboard (www.netbula.com)

Description

Draz Q published a short summary of problems with a piece of web-related software in eurohack. Basically, it sounds pretty much like a common CGI problem. It does not give user or root access, only the ability to fake or modify just about anything shown by the program.

After using the Anyboard Forum for a while, Draz Q found a "little" (?) flaw in it that allows _anyone_ to get the admin login and password. This is because the forum CFG file is available to anyone. This allows anyone to:

- Delete messages in the forum (purge the whole forum)
- Modify messages
- Write messages as Admin
- Change admin login and password
- In short, do anything in the Message forum

Solution

Nothing yet.