CONTACT INFORMATION
===============================================================================

Name                   : Vladimir Katalov
E-mail                 : info@elcomsoft.com
Phone / fax            : +7 095 216-7937
                         +1 866 448-2703 (fax; US, toll-free)
Affiliation and address: 2-171 generala Antonova st.
                         Moscow 117279 Russia

TECHNICAL INFO
===============================================================================

Description
-----------

Adobe Systems Incorporated (http://www.adobe.com) recently opened a special
web site to demonstrate the new library features of Adobe Content Server 3.0
(http://www.adobe.com/products/contentserver). According to Adobe's
description, "The Adobe eBook Library uses Adobe Content Server as a secure
repository for the eBooks". The library is located at:

http://librarydemo.adobe.com/library/

There are a few books available -- 5 copies of each. The customer can borrow
any book for a fixed period of time (one or three days); when one customer
gets a book, the counter ("number of books available") is decreased, and when
it reaches zero, the book becomes unavailable until at least one other
customer returns it to the library or the loan period expires.

However, there are three bugs/vulnerabilities there:

1. It is possible to get all available copies of any book -- Adobe Acrobat
   eBook Reader doesn't check whether you have already borrowed the given
   book.

2. The loan period (one or three days) is not verified. It is implemented in
   the script using the following