DCForum dcboard.cgi AZ Field Traversal Arbitrary File Upload

2003-03-31T00:00:00
ID OSVDB:3862
Type osvdb
Reporter OSVDB
Modified 2003-03-31T00:00:00

Description

Vulnerability Description

DCForum contains a flaw that allows a remote attacker to upload arbitrary files to the server. The issue is due to improper sanity checking on the "az=" hidden field. By changing it to "az=upload_file", an attacker can specify arbitrary files to be uploaded.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, DCScripts.com has released a patch to address this vulnerability.

Short Description

DCForum contains a flaw that allows a remote attacker to upload arbitrary files to the server. The issue is due to improper sanity checking on the "az=" hidden field. By changing it to "az=upload_file", an attacker can specify arbitrary files to be uploaded.

References:

Vendor Specific Solution URL: http://www.dcscripts.com/FAQ/sec_2001_03_31.html
Related OSVDB ID: 3867
Related OSVDB ID: 3861
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
ISS X-Force ID: 6392
CVE ID: CVE-2001-0436
Bugtraq ID: 2611