[19606] in bugtraq
Re: Ikonboard v2.1.7b "show files" vulnerability
daemon@ATHENA.MIT.EDU (Darren Mobley)
Mon Mar 12 12:57:33 2001
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Message-ID: <XFMail.20010312052738.decker@n3t.net>
Date: Mon, 12 Mar 2001 05:27:38 -0500
Reply-To: decker@n3t.net
From: Darren Mobley <decker@n3t.net>
X-To: "Martin J. Muench" <muench@GMC-ONLINE.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3AABB92D.CBE6AFDB@gmc-online.de>
Version 2.16b is vulnerable to this attack as well.
My fix for this was to simply insert as line 45:
if($inhelpon =~ /\.\./) { &hackdetected; }
then at the bottome append:
sub hackdetected {
print "Content-type: text/plain\n\n";
print "sorry, this hole was patched :)\n";
print "you have been logged.\n";
exit;
}
Ok course you could change this to whatever..
All of the valid helpfiles should be in the same directory as help.cgi,
so this *should* work..
-darren
----------------------------------
E-Mail: decker@n3t.net
http://n3t.net
"Finem Respice"
----------------------------------
