Messagerie 1.0 - Arbitrary User Removal Denial of Service

Author: frog
type: dos
platform: php
port: 
date_added: 2002-04-27  
date_updated: 2012-09-21  
verified: 1  
codes: OSVDB-86916  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21428.txt  

source: https://www.securityfocus.com/bid/4635/info

Messagerie is a web message board application maintained by La Basse.

An issue has been discovered in Messagerie, which could allow an attacker to delete arbitrary user accounts.

Reportedly, submitting a specially crafted URL will successfully remove user accounts.

It should be noted that known usernames of the system is required.


http://www.host.com/supp_membre.php?choix_membre_supp=polom