STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard
Revision 1.2
Date Published: 2004-12-20 (KST)
Last Update: 2004-12-24
Disclosed by SSR Team (email@example.com)
ZeroBoard is one of the widely used web BBS applications in Korea. However, an input validation flaw allows malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which typically runs as the nobody user.
Implementation Error: Input validation flaw
High: arbitrary command execution.
ZeroBoard 4.1pl4 and prior
2004-11-20 Vulnerabilities found.
2004-11-20 1st vendor contact, but they didn't reply.
2004-11-22 2nd vendor contact, but they didn't reply.
2004-12-13 STG Security, Inc. customer notified.
2004-12-24 Official release.
Vulnerability 1 : PHP source injection vulnerability
// Read _head.php
@include $_zb_path."_head.php";
Vulnerability 2 : PHP source injection vulnerability
Vulnerability 3 : Cross-site scripting vulnerability
In the absence of official patches for these vulnerabilities, modify the vulnerable sources according to the following recommendations.
Vulnerability 1: As of zboard 4.1pl4
Insert the following code at the 59th line of outlogin.php,
Vulnerability 2: As of zboard 4.1pl4
Insert the following code at the 15th line of include/write.php,
Vulnerability 3: As of zboard 4.1pl4
Insert the following code at the 3rd line of check_user_id.php,
$user_id = htmlspecialchars(trim($user_id));
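
An added example, not part of this advisory and not the vendor's or STG Security's patch: one way to guard an include whose path prefix comes from a variable, as in the `@include $_zb_path."_head.php";` line shown under Vulnerability 1. It assumes `$_zb_path` can be influenced by request input (for example with register_globals enabled); the function `safe_include_base` and the constant `APP_ROOT` are hypothetical names.

```php
<?php
// Added example: hypothetical guard, not ZeroBoard code.
// Assumption: $_zb_path may be influenced by request input.

// Hypothetical: the directory that holds _head.php.
define('APP_ROOT', realpath(dirname(__FILE__)));

// Return a trusted include prefix ending in a directory separator,
// or false when $candidate must not be used in an include.
function safe_include_base($candidate)
{
    // 1. The prefix must never arrive with the request itself.
    foreach (array($_GET, $_POST, $_COOKIE) as $source) {
        if (array_key_exists('_zb_path', $source)) {
            return false;
        }
    }
    // 2. Reject non-strings, NUL bytes and URL / stream-wrapper schemes
    //    (http://, ftp://, php://, data: ...). Two or more characters are
    //    required before the colon so Windows drive letters still pass.
    if (!is_string($candidate)
        || strpos($candidate, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]+:#i', $candidate)) {
        return false;
    }
    // 3. Resolve symlinks and ".." segments; the result must be an existing
    //    directory. A relative prefix resolves against the working directory.
    $resolved = realpath($candidate === '' ? '.' : $candidate);
    if ($resolved === false || !is_dir($resolved)) {
        return false;
    }
    // 4. The directory must be APP_ROOT itself or lie below it.
    $root = rtrim(APP_ROOT, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $resolved = rtrim($resolved, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($resolved, $root) !== 0) {
        return false;
    }
    return $resolved;
}

$base = safe_include_base(isset($_zb_path) ? $_zb_path : '');
if ($base === false) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid include path');
}
// No "@" here, so a failed include is logged instead of silently ignored.
include $base . '_head.php';
```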
Jeremy Bae at STG Security