FlatNuke myforum Cookie Parameter Authentication Bypass Arbitrary File Upload

2006-10-11T11:49:04
ID OSVDB:29667
Type osvdb
Reporter rgod (rgod@autistici.org)
Modified 2006-10-11T11:49:04

Description

Vulnerability Description

FlatNuke contains a flaw that may allow a remote attacker to upload and execute arbitrary code. An input validation error exists in the authentication process when it checks the "myforum" cookie parameter; this can be exploited to execute arbitrary code on the web server.

Solution Description

Upgrade to version 2.5.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.flatnuke.org/
Secunia Advisory ID: 22345
Related OSVDB ID: 29665
Related OSVDB ID: 29666
Generic Exploit URL: http://milw0rm.com/exploits/2498
Generic Exploit URL: http://milw0rm.com/exploits/2499