Re: Remote vulnerability in Ikonboard upto version 2.1.7b

[___cliff rayman___ <cliff () GENWAX COM>]

Gijs Hollestelle wrote:

> Summary:
> --------
> Ikonboard is a free forum system. Similair to UBB and UB. Versions up to and
> including 2.1.7b contain a vulnerability that allows commands to be executed
> as the script user. Therefore compromising security of the system running
> the board and allowing an attacker to get passwords of the board users,
> because they are in no way encrypted/hashed.
> ---8<----
>
> Solution:
> ---------
> Shortly after i informed the author of this vulnerability a fix was issued
> and now this vulnerability is fixed. (Version number seems to be un-changed
> though) to see if you have a fixed version checkout register.cgi and see if
> it contains the following code instead of the code listed above:
>
> for ('inmembername','password','emailaddress',
>   'showemail','homepage','aolname','icqnumber','location','interests',
>   'signature','timedifference','useravatar','action') {
>     next unless defined $_;

hmmm.... when would $_ be undefined???
i think he meant to write:
next unless defined $query->param($_);

>     next if $_ eq 'SEND_MAIL';

how could $_ equal 'SEND_MAIL' if it is not in the list passed to for??

>     $tp = $query->param($_);
>     $tp = &unHTML("$tp");
>     ${$_} = $tp;
> }

--
___cliff rayman___cliff@genwax.com___http://www.genwax.com/