[13871] in bugtraq
Re: perl-cgi hole in UltimateBB by Infopop Corp.
daemon@ATHENA.MIT.EDU (Michael Wood)
Thu Feb 17 02:04:58 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000216091206.A5279@lion.kingsley.co.za>
Date: Wed, 16 Feb 2000 09:12:06 +0200
Reply-To: Michael Wood <wood@KINGSLEY.CO.ZA>
From: Michael Wood <wood@KINGSLEY.CO.ZA>
X-To: H D Moore <secure@SECUREAUSTIN.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38A864EC.73659F12@secureaustin.com>; from H D Moore on Mon,
Feb 14, 2000 at 02:26:20PM -0600
Hi
On Mon, Feb 14, 2000 at 02:26:20PM -0600, H D Moore wrote:
> Hi,
>
> I am the administrator for a site running the commercial version of UBB,
> the problem exists there as well. The faulty code is in ubb_library.pl:
>
> if ($ThreadFile =~ /\d\d\.[m|n|ubb|cgi]/) {

Ack! From the perlre manpage:

    Also remember that "|" is interpreted as a literal
    within square brackets, so if you write [fee|fie|foe]
    you're really only matching [feio|].

i.e. the above is equivalent to:

    if ($ThreadFile =~ /\d{2}\.[mnubcgi|]/) {

i.e. it would match "00.m" or "abcabc12.c" or "43.iXXX" or "99.|" etc.

[snip]
>
> "Sergei A. Golubchik" wrote:
> >
[snip]
> > I grabbed freeware version from http://www.ultimatebb.com and
> > after 10-minutes grepping found those lines:
> >
> > ubb_library.pl:901-902
> > if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb/) {
> > open (MESSAGE, "$ForumsPath/Forum$number/$ThreadFile");
[snip]
--
Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood@kingsley.co.za | Fax: +27 21 761 9930 | Kingsley Technologies
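
Added example (not part of the original message, and not UBB's own code): the check quoted above from ubb_library.pl compared with an anchored pattern that uses a group instead of a character class. The strict pattern and the helper name valid_thread_file are assumptions about the intended rule (two digits, a dot, then m, n, ubb or cgi); the sample names are constructed, the first four being the ones listed in the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern exactly as quoted from ubb_library.pl: inside [...] the "|" is a
# literal, so the class is the set { m n u b c g i | }, and nothing anchors
# the match to the start or end of the string.
my $original = qr/\d\d\.[m|n|ubb|cgi]/;

# Assumed intent (hypothetical, not confirmed by the vendor): the whole name
# is two digits, a dot and one listed extension. \A and \z anchor both ends;
# \z, unlike $, does not tolerate a trailing newline.
my $strict = qr/\A\d\d\.(?:m|n|ubb|cgi)\z/;

# Hypothetical helper: returns the name if it passes the strict check,
# undef otherwise, so callers never build a path from an unchecked value.
sub valid_thread_file {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ $strict ? $name : undef;
}

# Constructed sample names.
my @names = (
    '00.m', 'abcabc12.c', '43.iXXX', '99.|',
    '12.ubb', '12.cgi', '12.ubbx', "12.ubb\n",
);

printf "%-12s %-9s %s\n", 'name', 'original', 'strict';
for my $name (@names) {
    (my $shown = $name) =~ s/\n/\\n/g;    # make a trailing newline visible
    printf "%-12s %-9s %s\n", $shown,
        ($name =~ $original             ? 'match'  : 'no'),
        (defined valid_thread_file($name) ? 'accept' : 'reject');
}
```

The original pattern matches all eight names; the strict one accepts only 00.m, 12.ubb and 12.cgi.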