Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: secure () SECUREAUSTIN COM (H D Moore)
Date: Mon, 14 Feb 2000 14:26:20 -0600
Hi, I am the administrator for a site running the commercial version of UBB, the problem exists there as well. The faulty code is in ubb_library.pl: if ($ThreadFile =~ /\d\d\.[m|n|ubb|cgi]/) { I don't actually know the original line number, as we hacked up our copy to use MD5 password hashes versus clear-text and added many new logging/security features to curb abuse. Since all of the modifications to the code were paid for by my client, I may not be able to release them to the public... -HD "Sergei A. Golubchik" wrote:
Hello. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those story about pcweek hack ? They use commercial package photoads. Let's look what that Ultimate Bulletin Board by Infopop is. I grabbed freeware version from http://www.ultimatebb.com and after 10-minutes grepping found those lines: ubb_library.pl:901-902 if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb/) { open (MESSAGE, "$ForumsPath/Forum$number/$ThreadFile"); (notice? not /^\d\d\d\d\d\d\.ubb$/. What did the author think about while writing it ? Girls ?) And the $ThreadFile takes its value directly from the hidden (hmm!) field `topic'.
Current thread:
- perl-cgi hole in UltimateBB by Infopop Corp. Sergei A. Golubchik (Feb 11)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. H D Moore (Feb 14)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Charles Capps (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Michael Wood (Feb 15)
- Remote Vulnerability in the MMDF SMTP Daemon NAI Labs (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill (Feb 14)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill McKinnon (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 17)
- AUTORUN.INF Vulnerability Eric Stevens (Feb 17)
- Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
- UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. H D Moore (Feb 14)