WebScripts WebBBS webbbs_config.pl Remote Command Execution

2002-06-18T00:00:00
ID OSVDB:3513
Type osvdb
Reporter OSVDB
Modified 2002-06-18T00:00:00

Description

Vulnerability Description

WebBBS contains a flaw that allows a remote attacker to execute arbitrary commands on a vulnerable system. The issue is due to the webbbs_config.pl script not properly validating the value passed in the "followup" parameter before it is used in a shell command; a value containing shell metacharacters (the test URI in the Manual Testing Notes uses ';') causes the shell to run the appended text as a separate command. Using a specially crafted URI, a remote attacker can execute any command on the host with the privileges of the web server process.

Solution Description

Upgrade to version 5.01 or higher, which is reported to fix this vulnerability. No workaround is known, so upgrading is required.
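The flaw class described above and the kind of fix the upgrade would need to contain, as an added example that is not WebBBS source: the advisory does not say which command the script runs or how "followup" maps to a message file, so the command here is "echo" (harmless to run) and the shape of the parameter handling is an assumption.

```perl
#!/usr/bin/perl
# Illustrative reconstruction, not WebBBS code: a CGI parameter spliced into
# a shell command beside a hardened version. The real script's command and
# message layout are not known from the advisory; "echo" stands in for it.
use strict;
use warnings;

# Vulnerable pattern: $followup is interpolated into a command string that
# /bin/sh parses, so ';' (or '|', '`', '$(' ...) ends the intended command
# and starts an attacker-chosen one. With "10;cat /etc/passwd" the shell
# runs "echo message 10" and then "cat /etc/passwd".
sub fetch_followup_unsafe {
    my ($followup) = @_;
    my $out = `echo message $followup`;   # backticks hand the string to the shell
    return $out;
}

# Hardened pattern: accept only a bounded decimal message number and fail
# closed on anything else, then run the program without a shell (multi-arg
# pipe open here; list-form system/exec work the same way) so no byte of
# the value can ever be parsed as shell syntax.
sub fetch_followup_safe {
    my ($followup) = @_;
    return undef unless defined $followup && $followup =~ /\A(\d{1,9})\z/;
    my $id = $1;                          # the capture also untaints under -T
    open(my $fh, '-|', 'echo', 'message', $id) or die "fork failed: $!";
    my $out = do { local $/; <$fh> };
    close $fh;
    return $out;
}

my $payload = '10;echo INJECTED';         # same shape as the advisory's test URI

print "unsafe:\n", fetch_followup_unsafe($payload);   # two commands run

my $safe = fetch_followup_safe($payload);
print "safe: ", (defined $safe ? $safe : "rejected\n");

print "safe: ", fetch_followup_safe('10');             # only the digits pass
```

The allow-list regex is the real fix; dropping the shell is defence in depth. Escaping metacharacters with a deny-list is the usual wrong answer, because the set of characters the shell treats as syntax is larger than most lists account for and varies by shell.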

Short Description

WebBBS webbbs_config.pl allows remote command execution: the "followup" parameter is not validated before use in a shell command, so a URI containing shell metacharacters runs arbitrary commands with the web server's privileges.

Manual Testing Notes

http://[victim]/webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd
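A retrospective check for the request shape shown above, as an added example that is not part of the OSVDB entry: it scans Apache common-log-format lines for hits on webbbs_config.pl whose "followup" value is anything other than a bare message number. The log lines are constructed for the demo; the only pattern taken from the advisory is the URI.

```perl
#!/usr/bin/perl
# Added example, not from the advisory: flag access-log requests to
# webbbs_config.pl whose "followup" parameter is not a plain decimal number.
# The log lines are constructed for this demo (RFC 5737 addresses).
use strict;
use warnings;

my @log = (
    '203.0.113.7 - - [18/Jun/2002:10:01:02 +0000] "GET /webbbs/webbbs_config.pl?name=joe&email=test@example.com&body=aaaaffff&followup=10;cat%20/etc/passwd HTTP/1.0" 200 1523',
    '198.51.100.4 - - [18/Jun/2002:10:02:11 +0000] "GET /webbbs/webbbs_config.pl?name=ann&email=ann@example.com&body=hello&followup=12 HTTP/1.0" 200 2210',
    '198.51.100.9 - - [18/Jun/2002:10:03:45 +0000] "GET /webbbs/webbbs_config.pl?followup=7%7Cid HTTP/1.0" 200 990',
    '192.0.2.33 - - [18/Jun/2002:10:04:00 +0000] "GET /index.html HTTP/1.0" 200 440',
);

# Decode application/x-www-form-urlencoded text so %7C, %20 etc. are
# compared after decoding, the way the CGI script would see them.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Returns the decoded followup value when the request targets
# webbbs_config.pl and the value is not a bare decimal number; undef
# otherwise. Flagging "not a number" rather than a list of bad characters
# catches every metacharacter, including ones a deny-list would miss.
sub suspicious_followup {
    my ($line) = @_;
    return undef unless $line =~ m{"(?:GET|POST)\s+(\S+)\s+HTTP/};
    my $uri = $1;
    return undef unless $uri =~ m{/webbbs_config\.pl\?(.*)$};
    my %param;
    for my $pair (split /&/, $1) {
        my ($k, $v) = split /=/, $pair, 2;
        $param{ url_decode($k) } = url_decode(defined $v ? $v : '');
    }
    return undef unless exists $param{followup};
    my $f = $param{followup};
    return $f =~ /\A\d{1,9}\z/ ? undef : $f;
}

for my $line (@log) {
    my $hit = suspicious_followup($line);
    next unless defined $hit;
    my ($ip) = $line =~ /^(\S+)/;
    print "ALERT $ip followup=<$hit>\n";
}
```

The first and third constructed lines are flagged (';' and a decoded '|'), the second passes as a legitimate follow-up, and the fourth is ignored because it does not touch the script. POST bodies are not in the access log, so this only covers GET requests and a POST whose parameters were put in the query string.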

References:

Vendor URL: http://awsd.com/scripts/webbbs/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-06/0217.html
ISS X-Force ID: 9378
Bugtraq ID: 5048