DCForum dcboard.cgi Arbitrary Admin Account Creation

2001-05-15T00:00:00
ID OSVDB:480
Type osvdb
Reporter OSVDB
Modified 2001-05-15T00:00:00

Description

Vulnerability Description

DCForum contains a flaw that allows a remote attacker to create an arbitrary administrative account. The new-user registration process does not properly sanitize input, so an attacker can supply a pipe (|) followed by arbitrary text in the form of an additional user account, which is then added to the password file.
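The following is an added illustration of this class of flaw and its fix, not DCForum's own code. It assumes a pipe-delimited, one-record-per-line password file with a hypothetical field order, and all function names and sample values are constructed for the example.

```python
import re

DELIM = "|"
# Assumed record layout for illustration; not taken from DCForum's source.
FIELDS = ("pwhash", "username", "group", "firstname", "lastname", "email")
# The field delimiter plus every ASCII control character (CR and LF included).
FORBIDDEN = re.compile(r"[|\x00-\x1f\x7f]")


def serialize_unsafe(rec):
    """The flawed pattern: values are joined and appended with no checks."""
    return DELIM.join(rec[f] for f in FIELDS) + "\n"


def serialize_safe(rec):
    """Refuse any value that could change the structure of the file."""
    for name in FIELDS:
        if FORBIDDEN.search(rec[name]):
            raise ValueError(f"illegal character in field {name!r}")
    return DELIM.join(rec[f] for f in FIELDS) + "\n"


def parse(text):
    """Read the file back as a login check would: one record per line."""
    return [dict(zip(FIELDS, line.split(DELIM)))
            for line in text.split("\n") if line]


def admins(text):
    """Usernames whose group column says 'admin'."""
    return [r["username"] for r in parse(text) if r.get("group") == "admin"]


# Constructed registration: "group" is set by the server, the rest by the user.
# The last name carries a line break followed by delimiter-separated text.
SAMPLE = {
    "pwhash": "HASH1", "username": "dummyuser", "group": "normal",
    "firstname": "John", "lastname": "Doe\nHASH2|second|admin|A|B",
    "email": "user@example.com",
}

if __name__ == "__main__":
    print("records written:", len(parse(serialize_unsafe(SAMPLE))))
    print("admins after unsafe write:", admins(serialize_unsafe(SAMPLE)))
    try:
        serialize_safe(SAMPLE)
    except ValueError as exc:
        print("safe writer rejected input:", exc)
```

Rejecting the delimiter and line breaks at write time is the essential check; escaping them or moving to a structured store are alternatives that keep such characters usable in names.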

Solution Description

Upgrade to version 6.25 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

Register a new user as follows:

Username = dummyuser
Password = *
Password again = ***
Firstname = John
Lastname = Doe\nzzw1I3xWVi.zE|evilhacker|admin|Evil|Hacker
Email = evil@evil.com

References:

Vendor URL: http://www.dcscripts.com/dcforum.shtml
Snort Signature ID: 818
Other Advisory URL: http://www.vesaria.com/Advisories/QDAV-5-2000-2.html
Nessus Plugin ID: 10583
ISS X-Force ID: 6538
Generic Exploit URL: http://qdefense.com/downloads/dcgetadmin_pl.txt
CVE-2001-0527
Bugtraq ID: 2728