• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Forums! Insecure User Validation Message Posting Vulnerability

Forums! is a web based bulletin board system which uses the Allaire Cold Fusion server backend. Forums! is derived from the open source release of the Allaire Forums software.

A vulnerability exists in the way new messages are posted. The identity of the sender of a message is determined from values supplied as CGI parameters, passed through hidden form fields. These values may be trivially changed by a user of the system, resulting in the impersonation of another valid user.

Allaire Forums shares this vulnerability.

It is unknown whether an account on the Forums! system is required in order to exploit this vulnerability.