ultrascripts ultraboard 1.6 - Directory Traversal Vulnerability

ID EDB-ID:19890
Type exploitdb
Reporter Rudi Carell
Modified 2000-05-03T00:00:00


UltraScripts UltraBoard 1.6 Directory Traversal Vulnerability. CVE-2000-0332. Remote exploit for cgi platform

                                            source: http://www.securityfocus.com/bid/1164/info

UltraBoard 1.6 (and possibly all 1.x versions) is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows instalations, the file must reside on the same logical drive as the webroot. In all cases, the filename and relative path from the webroot must be known to the attacker. 

This is accomplished through a combination of the '../' string and the usage of a null byte (x00) in the variables passed to the UltraBoard CGI.

http: ://target/ultraboard.pl?action=PrintableTopic&Post=../../filename.ext\000