============================================================
============================================================
Easy Message Board is "Easy Message Board"
A new vulnerability was identified in Easy Message Board, which may be
exploited by attackers to compromise a vulnerable web server. This
flaw is due to an input validation error in the "easymsgb.pl" script
where the variable print that is put under "open()", does not have a
control of data, which may be exploited by a remote attacker to
execute arbitrary commands with the privileges of the web server.
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/passwd
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id|
Contact the Vendor.
http://www.soulblack.com.ar/repo/papers/easymsgb_advisory.txt
Vulnerability reported by SoulBlack Security Research
SoulBlack - Security Research
http://www.soulblack.com.ar
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/