[18593] in bugtraq
UltraBoard cgi directory permission problem
daemon@ATHENA.MIT.EDU (JW Oh)
Fri Jan 12 16:50:41 2001
Message-ID: <Pine.LNX.4.30.0101120940220.11022-100000@ivntech.com>
Date: Fri, 12 Jan 2001 09:40:53 +0900
Reply-To: JW Oh <mat@IVNTECH.COM>
From: JW Oh <mat@IVNTECH.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hacksware Bug Report
1. Name: UltraBoard cgi directory permission problem
2. Release Date: 2001.1.12
3. Affected Application:
UltraBoard 2000 Personal Edition
Version 2.11
http://www.ub2k.com/downloads/UB211PEB1.zip
4. Author: mat@hacksware.com
5. Type: Configuration Error
6. Explanation
In the default installation, the following directories below the ub2k cgi installation directory have 777 permissions:
./Private/Skins
./Private/Database
./Private/Backups
You can add some cgi scripts to these directories and gain the webserver uid.
7. Exploits
Refer to Explanation.
8. Solution
chmod 755 `find <ub2k cgi directory> -perm 777`
ub2k cgi directory: the directory where you installed ub2k cgi files.
=================================================
| mat@hacksware.com |
| http://hacksware.com |
=================================================
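
An added example (not part of the original advisory): a POSIX sh version of the Solution step that lists what is world-writable under the cgi directory, removes group/other write (so 777 becomes 755), and verifies the result. The function names and the directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten world-writable paths under a CGI tree.
# Pass your UltraBoard cgi install directory as the first argument.

# List every directory or regular file under $1 that "other" can write to.
# -type d/-type f means symlinks are reported neither here nor followed.
list_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Remove group/other write from each match (777 -> 755).
# -exec ... {} + passes names safely even when they contain spaces,
# which backtick substitution on the chmod command line does not.
fix_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod go-w {} +
}

# Report, fix, then re-check. Returns 0 when clean, 1 if something is
# still world-writable, 2 if the argument is not a directory.
audit_and_fix() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    before=$(list_world_writable "$dir")
    if [ -z "$before" ]; then
        echo "no world-writable paths under $dir"
        return 0
    fi
    echo "world-writable before fix:"
    printf '%s\n' "$before" | while IFS= read -r p; do ls -ld "$p"; done
    fix_world_writable "$dir"
    after=$(list_world_writable "$dir")
    [ -z "$after" ] || { echo "still world-writable:" >&2; echo "$after" >&2; return 1; }
    echo "all paths tightened"
}

# Run only when a directory argument is given.
if [ $# -ge 1 ]; then
    audit_and_fix "$1"
fi
```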