php-fusion 4.x vuln
TheGreatOne2176, Reapercore
I have a found an error in php-fusion 4.x where you can view any thread on the
forum.
In fusion_forum/viewthread.php the $_GET variables arent properly checked or
queried making it possible to view all threads. The example I tested was
fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2
forum_id and forum_cat are not valid id's making the script skip them entirely.
So the error comes in since each thread is assigned a certain integer
(thread_id for this script) and since the category checks were being skipped, I
could just browse the forum by picking a thread_id. I went number by number and
could view all of the threads in the protected forums.