This exploit shows how almost any script that
uses cookie session/login data
to validate CGI forms can be exploited if the
users can post images.
One of our developers, Chris 'stallion' Lambert
( [EMAIL PROTECTED] ),
discovered this exploit in a routine internal
security audit.
In regards to the bugtraq report on Ultimate
Bulletin Board™ version 5.47e:
Version 5.47e is an older, no longer maintained
version of the Ultimate Bulletin Board. Versions
6.0, 6.01, 6.02, and 6.03 (the current version) do
not have this liability.
Earlier this week Infopop Corporation sent
I would first like to remind the reader that the
software version in question is clearly marked as
Beta software on our website with appropriate
disclaimers.
Secondly we did release a new beta version that
night to fix this problem and have released other
versions since, all containing the