Private Message Exploits

[debwalin]

Hi guys, I really need your help. I have been informed that there is an exploit for Invision Power Board v. 1.1 that allows people to get into the private message inbox of other members accounts. I have searched and searched on Google for anything about it, either the exploit itself or a patch for it. Obviously I didn't find anything or I wouldn't be here begging ya'll for help. Does anyone know anything about this, anywhere I could get some info on it?

Deb

This is my forum I'm trying to patch, not get into anyone else's in case there was doubt.

[prodikal]

Hmm did the person that told you give you a link to an advisory ? do you know if its public yet ? i remember reading something about PM's but i think it was the vbullitin message board system its late here and im about to go to bed but you could check securiteam.com packetstormsecurity.nl or xatrix.org i will check back this thread in the morning and them i will have a decent look to see if i can turn anything up

[debwalin]

Okay, nm Next time I should get a little more info. You have to be in the Admin CP and have the Admin pw, and you can't even see the whole damn msg and you can't see the sender or the recipient. Wish I had that 2 hours of my life back.

Thanks for the help though.

[cdkj]

debwalin

i did a little searching and found this I hope this helps you

http://www.avet.com.pl/pipermail/bug...il/003023.html