Vendor: OpenBB
By: SecurityFocus
CVSS: 5.8 (MEDIUM)
Type: Unauthorized Access
CWE: 287
Product Name: OpenBB
Affected Version From: OpenBB 1.0
Affected Version To: OpenBB 1.0
Patch Exists: No
Related CWE: N/A
CPE: a:openbb:openbb:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Unix, Windows
2002

OpenBB Unauthorized Access Vulnerability

OpenBB contains an unauthorized access vulnerability that allows an attacker to gain moderator or administrative access to forums. By requesting moderator.php with 'action=lock' in the URL, the attacker can lock the forum; 'action=sticky' or 'action=important' makes the forum sticky or important.

Mitigation:

Restrict access to the moderator.php page and ensure that only authorized users are able to access it.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4823/info

OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

OpenBB is reported to be vulnerable to a condition that will allow an unauthorized user to gain moderator or administrative access to forums. The attacker is only able to change a few properties of the forums. 

http://www.site.com/moderator.php?action=lock&TID=LIDDUFORUM&ismod=1

This will lock the forum. Other keywords include 'action=sticky' or 'action=important'.
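
A detection check for the request pattern above, as an added example that is not part of the original advisory or of OpenBB: it scans web server access logs for requests to moderator.php that carry an ismod parameter in the query string. The combined log format, the function name and the premise that a client-supplied ismod is never legitimate are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Actions the advisory names as reachable through moderator.php.
FORUM_ACTIONS = {"lock", "sticky", "important"}

# Apache/nginx "combined" log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_moderator_requests(lines):
    """Return one finding per moderator.php request with a client-supplied 'ismod'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().endswith("/moderator.php"):
            continue
        # parse_qs percent-decodes; lower-case the keys so 'IsMod' also matches.
        params = {k.lower(): v for k, v in
                  parse_qs(url.query, keep_blank_values=True).items()}
        if "ismod" not in params:
            continue  # moderator action without the parameter: not flagged here
        action = params.get("action", [""])[0].lower()
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "action": action,
            "known_action": action in FORUM_ACTIONS,
            "tid": params.get("tid", [""])[0],
            "status": int(m["status"]),
        })
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2002:10:00:01 +0000] "GET /index.php HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jun/2002:10:02:13 +0000] "GET /moderator.php?action=lock&TID=12&ismod=1 HTTP/1.0" 200 812 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [01/Jun/2002:10:03:40 +0000] "GET /moderator.php?action=lock&TID=12 HTTP/1.0" 200 812 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jun/2002:10:04:02 +0000] "GET /forum/moderator.php?IsMod=1&action=Sticky&TID=3 HTTP/1.0" 200 790 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in suspicious_moderator_requests(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so the same parameters sent in a POST body will not appear; covering those needs request-body logging or a WAF rule.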