Re: perl-cgi hole in UltimateBB by Infopop Corp.

[wood () KINGSLEY CO ZA (Michael Wood)]

Hi

On Mon, Feb 14, 2000 at 02:26:20PM -0600, H D Moore wrote:
> Hi,
>
> I am the administrator for a site running the commercial version of UBB,
> the problem exists there as well.  The faulty code is in ubb_library.pl:
>
> if ($ThreadFile =~ /\d\d\.[m|n|ubb|cgi]/) {

Ack!  From the perlre manpage:

        Also remember that "|" is interpreted as a literal
        within square brackets, so if you write [fee|fie|foe]
        you're really only matching [feio|].

i.e. the above is equivalent to:
if ($ThreadFile =~ /\d{2}\.[mnubcgi|]/) {

i.e. it would match "00.m" or "abcabc12.c" or "43.iXXX" or "99.|" etc.

[snip]
> "Sergei A. Golubchik" wrote:
> >
[snip]
> > I grabbed freeware version from http://www.ultimatebb.com and
> > after 10-minutes grepping found those lines:
> >
> > ubb_library.pl:901-902
> >           if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb/) {
> >           open (MESSAGE, "$ForumsPath/Forum$number/$ThreadFile");
[snip]

--
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood () kingsley co za | Fax: +27 21 761 9930 | Kingsley Technologies