[38783] in bugtraq
Easy Message Board Directory Traversal and Remote Command
daemon@ATHENA.MIT.EDU (SoulBlack Group)
Mon May 9 15:33:01 2005
Message-ID: <bf9e9116050508145929939aab@mail.gmail.com>
Date: Sun, 8 May 2005 18:59:14 -0300
From: SoulBlack Group <soulblacktm@gmail.com>
Reply-To: SoulBlack Group <soulblacktm@gmail.com>
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com,
news@securiteam.com, sec@soulblack.com.ar, bugs@securitytracker.com,
submissions@packetstormsecurity.org, vuln@secunia.com,
alerts_advisories@net-security.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
============================================================
============================================================
Title: Easy Message Board Directory Traversal and Remote Command Execution
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 08/05/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: Easy Message Board
Vendor: http://www.geocentral.net/colscripts/index.html
============================================================
============================================================
* Summary *
Easy Message Board is "Easy Message Board"
------------------------------------------------------------------------------------------------------------------------
* Technical Description *
A new vulnerability was identified in Easy Message Board, which may be
exploited by attackers to compromise a vulnerable web server. This
flaw is due to an input validation error in the "easymsgb.pl" script
where the variable print that is put under "open()", does not have a
control of data, which may be exploited by a remote attacker to
execute arbitrary commands with the privileges of the web server.
------------------------------------------------------------------------------------------------------------------------
* Example *
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/passwd
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id|
------------------------------------------------------------------------------------------------------------------------
* Fix *
Contact the Vendor.
------------------------------------------------------------------------------------------------------------------------
* References *
http://www.soulblack.com.ar/repo/papers/easymsgb_advisory.txt
------------------------------------------------------------------------------------------------------------------------
* Credits *
Vulnerability reported by SoulBlack Security Research
============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar
