Bugtraq mailing list archives
Fun with UltraBoard V1.6X
From: rudicarell () HOTMAIL COM (rudi carell)
Date: Wed, 3 May 2000 02:13:16 PDT
hola friends,

found some interesting things in the "old" UltraBoard-Forum scripts (UltraBoard V 1.6)

class: Input Validation Error
remote: Yes
vulnerable: UltraBoard V1.*
vendor: www.ultrascripts.com || www.ub2k.com

Description:
By using the good old NullByte (\000) it's possible to open "any" file on the webserver (with its permissions) running the "UltraBoard" forum-software.

cgi-script: UltraBoard.pl || UltraBoard.cgi

Variables:
Action=PrintableTopic
Post=[path_including_".."_to_any_file][***NULLBYTE***]
Board=[valid_board]
Idle=10
Sort=0
Order=Descend
Page=0
Session=

hmm ... EOF

nizedays,
rudic

rudicarell () hotmail com
<dream>"getrootallthetime"</dream>
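
An added example, not part of the original post: a Python check that scans web access log lines for the request pattern the post describes (Action=PrintableTopic with a Post value that contains a NUL byte or ".." path components). The log lines, the /cgi-bin/ path, the client addresses and the sample parameter values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SCRIPTS = ("ultraboard.pl", "ultraboard.cgi")   # script names from the post
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return the reasons a request target matches the reported pattern."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPTS):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    if "PrintableTopic" not in params.get("Action", []):
        return []
    reasons = []
    for post in params.get("Post", []):
        for _ in range(3):              # undo nested percent-encoding
            post = unquote(post)
        if "\x00" in post:
            reasons.append("NUL byte in Post")
        if ".." in post.replace("\\", "/").split("/"):
            reasons.append("'..' path component in Post")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log (common log format); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2000:10:00:01 +0000] "GET /cgi-bin/UltraBoard.pl?Action=PrintableTopic&Post=42&Board=general&Idle=10&Sort=0&Order=Descend&Page=0&Session= HTTP/1.0" 200 5120',
    '192.0.2.77 - - [03/May/2000:10:02:13 +0000] "GET /cgi-bin/UltraBoard.cgi?Action=PrintableTopic&Post=..%2F..%2Fexample.txt%00&Board=general&Idle=10&Sort=0&Order=Descend&Page=0&Session= HTTP/1.0" 200 312',
    '192.0.2.77 - - [03/May/2000:10:02:20 +0000] "GET /cgi-bin/UltraBoard.pl?Action=PrintableTopic&Post=..%252F..%252Fexample.txt%2500&Board=general HTTP/1.0" 200 312',
    '192.0.2.10 - - [03/May/2000:10:03:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values passed in the query string.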