PEAK XOOPS - newbb origined bugs 
XOOPS
XOOPS : newbb origined bugs
I've just found many bugs around access controlling in *newbb*.
-- a moderator can moderate any forums
-- anyone can post into any locked topics
-- anyone can read any posts in the private forums
Though this is not "vulnerabilities", it might be a problem if you rely *newbb*'s access controlling system.
I've just fixed in xhnewbb.
But there are many modules other than xhnewbb based on newbb.
If you are a developer of such a module, check it please.
This is the cause:
structure:
forum - topic_id - post_id
wrong check:
check by 'forum' from request
if someone request unlimited 'forum' and limited 'topic_id'/'post_id', he can do any actions allowed in the unlimited forum.
Related articles
- xhnewbb-1.30 beta release (2006-09-13 17:26:47)
Comments list
GIJOE
Posted on 2006/5/11 6:25 | Last modified
Though I don't know IPB well, IPB might be free from these bugs.
Perhaps, phpbb 2.x is also free from these bugs.
I worry about newbb1, newbb2, cbb, and the hacked modules of newbb1.
Perhaps, phpbb 2.x is also free from these bugs.
I worry about newbb1, newbb2, cbb, and the hacked modules of newbb1.
izzy
Posted on 2006/5/11 6:21
Hello GIJOE!
Does he know if it will arrive one day that some forum based on the newbb will be same to IPB?
We have the last version licensed for Xoops of IPB, it is really very good!
I like xhnewbb a lot, we are implementing in the community.
Thanks,
Izzy
Does he know if it will arrive one day that some forum based on the newbb will be same to IPB?
We have the last version licensed for Xoops of IPB, it is really very good!
I like xhnewbb a lot, we are implementing in the community.
Thanks,
Izzy
Login