OpenBB 1.0 - Unauthorized Moderator Access

EDB-ID:

21478

Author:

frog

Type:

webapps

Platform:

PHP

Published:

2002-05-24

source: https://www.securityfocus.com/bid/4823/info

OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

OpenBB is reported to be vulnerable to a condition that will allow an unauthorized user to gain moderator or administrative access to forums. The attacker is only able to change a few properties of the forums. 

http://www.site.com/moderator.php?action=lock&TID=LIDDUFORUM&ismod=1

This will lock the forum. Other keywords include 'action=sticky' or 'action=important'.