A vulnerability was discovered in Almond Classifieds ( http://www.almondsoft.com/alcl.html ).

The vulnerability is due to an omitted password check in "editform": a user can edit any ad in the classifieds.

If we post a new ad, we can edit our ad in the "editform" section; there are 2 hidden fields:

By changing the number of the ad in the 'ed_id' field and submitting the changes, the ad with the new id number is OVERWRITTEN!

...and mass editing can be performed by a script simply cycling the 'ed_id' value and sending POST requests.

---------------------------------------------
Alexiev - alexiev[at]globalnetsystem.com
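
The missing check described above, shown beside a corrected handler. This is an added example, not code from the advisory or from Almond Classifieds. The in-memory store, the function names and the 'text' and 'password' form fields are assumptions; only 'ed_id' comes from the advisory.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AdStore:
    """Constructed in-memory stand-in for the classifieds database."""

    def __init__(self):
        self.ads = {}

    def post(self, ad_id, text, password):
        salt = os.urandom(16)
        self.ads[ad_id] = {"text": text, "salt": salt, "pw": _hash(password, salt)}


def edit_vulnerable(store, form):
    # Behaviour described in the advisory: the ad to overwrite is chosen by
    # the client-supplied 'ed_id' and no password is checked on submit.
    store.ads[form["ed_id"]]["text"] = form["text"]
    return True


def edit_hardened(store, form):
    # Look up the ad named by 'ed_id', then require that ad's own password
    # on every submit. Hidden form fields are client-controlled input.
    ad = store.ads.get(form.get("ed_id"))
    if ad is None:
        return False
    supplied = _hash(form.get("password", ""), ad["salt"])
    if not hmac.compare_digest(supplied, ad["pw"]):
        return False
    ad["text"] = form["text"]
    return True


def demo():
    store = AdStore()
    store.post("101", "Alice's bike for sale", "alice-secret")  # constructed data
    store.post("102", "Bob's sofa for sale", "bob-secret")
    # Bob's edit form is submitted with 'ed_id' changed to Alice's ad.
    forged = {"ed_id": "101", "text": "overwritten", "password": "bob-secret"}
    rejected = not edit_hardened(store, forged)
    own = edit_hardened(store, {"ed_id": "102", "text": "Sofa, sold", "password": "bob-secret"})
    return rejected, own, store.ads["101"]["text"], store.ads["102"]["text"]
```

The hardened handler binds the password check to the record that 'ed_id' names at submit time, so changing the hidden field only changes which ad's password must be supplied.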