Vulnerability Development mailing list archives
Re: Insecure input in Search.pl from YaBB
From: Rodrick Brown <Rodrick_Brown () NEWYORKLIFE COM>
Date: Tue, 7 Nov 2000 11:14:47 -0500
Why not just look over the script yourself?

$ grep "open" search.pl

;)

- Rodrick Brown
- Systems Programming Specialist
- New York Life Insurance - http://www.newyorklife.com
- Office - (212) 790-1228

"[ K o S a K ]" <kosak () EPSYLON ORG> on 11/06/2000 05:32:33 PM

Please respond to "[ K o S a K ]" <kosak () EPSYLON ORG>

To: VULN-DEV () SECURITYFOCUS COM
cc: (bcc: Rodrick Brown/NYLIC)
Subject: Insecure input in Search.pl from YaBB

Hi,

I heard it could be possible to execute arbitrary commands across a script called search.pl from the YaBB package. I know that lots of web sites have been defaced by this exploit, but I haven't found it yet. It exploits an insecure input in the script. Even the latest version must be vulnerable.

Does someone have more information about this?

Thanks a lot.

KoSaK
www.epsylon.org French Staff