DOOWS User Permissions Vulnerability

info
discussion
exploit
solution
references

DOOWS User Permissions Vulnerability

DOOW (Database of our owlish wisdom) is a web-based "knowledge database", which allows users to post information about different topics. It is written in PHP4 and back-ended by a MySQL database.

Vulnerable versions of DOOW do not properly check user permissions. This may allow an unprivileged user of the service to access restricted areas of the website.