NI3
11-06-2003, 10:38 AM
TITLE:
Tritanium Bulletin Board Unauthorised Access to Threads

SECUNIA ADVISORY ID:
SA10135

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
Tritanium Bulletin Board

DESCRIPTION:
A vulnerability has been reported in Tritanium Bulletin Board
allowing malicious users to read any thread.

The problem is that no check is performed to see if a user
is allowed to see a thread.

Example:
/[path]/index.php?faction=reply&thread_id=any_id&forum_id=any_id&sid=your_sid

The vulnerability has been reported in version 1.2.3 and earlier.

SOLUTION:
Do not use Tritanium Bulletin Board for sensitive communication.

REPORTED BY / CREDITS:
Virginity

----------------------------------------------------------------------
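
One way to look for this request in web server access logs, as an added example that is not part of the advisory or of Tritanium's own code. The log lines, session IDs, and the thread-to-forum and permission tables are constructed assumptions; because both IDs in the URL are client-supplied, the thread's forum is resolved from the table rather than trusted from `forum_id`.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumptions (hypothetical data an admin would export from the board):
THREAD_FORUM = {"14": "7", "15": "7", "30": "1", "41": "9"}   # thread_id -> real forum
PUBLIC_FORUMS = {"1", "2"}                                    # readable by anyone
SID_ALLOWED = {"aaa111": {"1", "2", "7"}, "bbb222": {"1", "2"}}  # sid -> readable forums

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Nov/2003:10:01:02 +0000] "GET /board/index.php?faction=reply&thread_id=14&forum_id=7&sid=aaa111 HTTP/1.1" 200 5120
192.0.2.20 - - [06/Nov/2003:10:02:11 +0000] "GET /board/index.php?faction=reply&thread_id=14&forum_id=1&sid=bbb222 HTTP/1.1" 200 5098
192.0.2.20 - - [06/Nov/2003:10:02:15 +0000] "GET /board/index.php?faction=reply&thread_id=41&forum_id=9&sid=bbb222 HTTP/1.1" 200 4871
192.0.2.20 - - [06/Nov/2003:10:02:19 +0000] "GET /board/index.php?faction=reply&thread_id=30&forum_id=1&sid=bbb222 HTTP/1.1" 200 3310
192.0.2.20 - - [06/Nov/2003:10:02:30 +0000] "GET /board/index.php?sid=bbb222 HTTP/1.1" 200 2200
192.0.2.30 - - [06/Nov/2003:10:05:00 +0000] "GET /board/index.php?faction=reply&thread_id=15&forum_id=7&sid=ccc333 HTTP/1.1" 200 5010
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def find_unauthorised_reads(log_text):
    """Return {sid: sorted [(real_forum_id, thread_id)]} for reply-form requests
    on threads whose real forum the session is not permitted to read."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index.php"):
            continue
        q = parse_qs(url.query)
        if q.get("faction", [""])[-1] != "reply":
            continue
        thread = q.get("thread_id", [""])[-1]
        sid = q.get("sid", ["<none>"])[-1]
        forum = THREAD_FORUM.get(thread)   # ignore the forum_id sent by the client
        if forum is None:
            continue                       # unknown thread: nothing to expose
        # Unknown or missing sessions get guest rights only.
        if forum not in SID_ALLOWED.get(sid, PUBLIC_FORUMS):
            hits[sid].add((forum, thread))
    return {sid: sorted(v) for sid, v in hits.items()}

if __name__ == "__main__":
    for sid, reads in find_unauthorised_reads(SAMPLE_LOG).items():
        print(sid, reads)
```
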