Tuesday, August 11, 2009

The Second Attack: URL SQL Injection

I tried to find many basic vulnerabilities on Lamer, and sometimes found small candidates, but in the end I realized they were nothing.

But a few days after that request, I decided to try the attack known as URL SQL Injection in every place I could think of. Well, not every place, only those places where I could gain something I shouldn't have been permitted to.

After several minutes of searching I found the place I was looking for. In the forums there was an option to edit your posts within 24 hours of posting them. After every post less than 24 hours old there was a link:

http://domain_name/forum.php?postedit.58.4727.470396.147

There were many numbers. For example, the first one is the topic id. But I really didn't know what the others were for. So I tried modifying them, adding or subtracting a bit. Modifying the second value didn't do anything. But the third value showed me other users' posts... in an input field. This way I could edit anything on the forum. Well, not really, because the numbering was distributed in a weird way. But the most recent posts were in my hands. And no one could ever know who did it (well, that is, if there was no logging behind the scenes). Unfortunately the bug didn't get fixed, not to mention that I reported it more than a month ago.
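To show what the forum's edit endpoint was missing, here is an added example (my own illustration, not the forum's code): a minimal model of the `postedit.<topic>.<n>.<post>.<m>` handler, with the behaviour described above next to a hardened version that checks ownership, topic and the 24-hour window on the server. The post id being the third number follows from the post above; the meaning of the other two numbers, the data model and the sample posts are assumptions.

```python
# Added example, not code from the original post. Field layout beyond
# "first number = topic id, third number = post id" is an assumption.
from dataclasses import dataclass
from datetime import datetime, timedelta

EDIT_WINDOW = timedelta(hours=24)  # the forum's stated 24-hour edit window

@dataclass
class Post:
    post_id: int
    topic_id: int
    author: str
    body: str
    posted_at: datetime

# Constructed sample data (not real forum content)
NOW = datetime(2009, 8, 11, 12, 0)
POSTS = {
    470396: Post(470396, 58, "alice", "alice's post", NOW - timedelta(hours=1)),
    470397: Post(470397, 58, "bob", "bob's post", NOW - timedelta(hours=2)),
    470100: Post(470100, 58, "alice", "old post", NOW - timedelta(days=3)),
}

def parse_postedit(param: str) -> dict:
    """Split 'postedit.<topic>.<n>.<post>.<m>' into the fields we need."""
    parts = param.split(".")
    if len(parts) != 5 or parts[0] != "postedit" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("malformed postedit parameter")
    return {"topic_id": int(parts[1]), "post_id": int(parts[3])}

def load_for_edit_vulnerable(param: str, user: str) -> str:
    """What the post describes: any post id in the URL returns that post for editing.
    The requesting user is never consulted, so tampering with the id is enough."""
    fields = parse_postedit(param)
    return POSTS[fields["post_id"]].body

def load_for_edit_hardened(param: str, user: str, now: datetime = NOW) -> tuple:
    """Server-side authorization: the post must exist in the named topic,
    belong to the requester, and still be inside the edit window."""
    fields = parse_postedit(param)
    post = POSTS.get(fields["post_id"])
    if post is None or post.topic_id != fields["topic_id"]:
        return ("denied", "no such post in topic")
    if post.author != user:
        return ("denied", "not the author")   # worth logging: id tampering attempt
    if now - post.posted_at > EDIT_WINDOW:
        return ("denied", "edit window expired")
    return ("ok", post.body)
```

The fix is the ownership check tied to the authenticated session, not hiding or obfuscating the numbers in the link; logging the denied branch is what would have made the "no one could ever know" part untrue.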
