Date: Sun, 8 May 2005 18:59:14 -0300
From: SoulBlack Group <soulblacktm@...il.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	news@...uriteam.com, sec@...lblack.com.ar, bugs@...uritytracker.com,
	submissions@...ketstormsecurity.org, vuln@...unia.com,
	alerts_advisories@...-security.org
Subject: Easy Message Board Directory Traversal and Remote
	Command


============================================================

============================================================
Title: Easy Message Board Directory Traversal and Remote Command Execution
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 08/05/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: Easy Message Board
Vendor: http://www.geocentral.net/colscripts/index.html
============================================================

============================================================

* Summary *

Easy Message Board is "Easy Message Board"

------------------------------------------------------------------------------------------------------------------------

* Technical Description *


A new vulnerability was identified in Easy Message Board, which may be
exploited by attackers to compromise a vulnerable web server. The flaw
is an input validation error in the "easymsgb.pl" script: the "print"
variable is passed to "open()" without any validation of its contents,
which may be exploited by a remote attacker to execute arbitrary
commands with the privileges of the web server.

------------------------------------------------------------------------------------------------------------------------

* Example *

http://SITE/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/passwd
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id|

------------------------------------------------------------------------------------------------------------------------

* Fix *

Contact the Vendor.

------------------------------------------------------------------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/easymsgb_advisory.txt 

------------------------------------------------------------------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research

============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
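
The root cause named in the Technical Description, shown with a hardened alternative. This is an added example, not code from Easy Message Board or from the advisory; the helper name open_message, the base directory and the sample file are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# Hypothetical helper: open a message file named by the "print" parameter.
# Pattern the advisory describes (two-argument open, where the mode is
# taken from the data itself):   open(FH, $print);
sub open_message {
    my ($base_dir, $name) = @_;

    # 1. Allowlist: a bare file name, no separators, pipes or leading dots.
    return (undef, 'bad name')
        unless defined $name
            && $name =~ /\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9]+)?\z/;

    # 2. Resolve symlinks and confirm the file stays under the base directory.
    my $base = abs_path($base_dir);
    my $path = abs_path("$base/$name");
    return (undef, 'not found') unless defined $path && -f $path;
    return (undef, 'outside base') unless index($path, "$base/") == 0;

    # 3. Three-argument open: the mode is fixed to read, so the name is
    #    never interpreted as a pipe or redirection.
    open(my $fh, '<', $path) or return (undef, "open failed: $!");
    return ($fh, undef);
}

# Constructed sample data: a temporary directory holding one message file.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/msg1.txt") or die "cannot create sample: $!";
print {$out} "hello\n";
close $out;

# Inputs: one legitimate name, the two values from the advisory's Example
# section, and an empty string.
for my $input ('msg1.txt', '../../../../../../../../etc/passwd', '|id|', '') {
    my ($fh, $err) = open_message($dir, $input);
    printf "%-40s => %s\n", "'$input'", $fh ? 'opened' : "rejected ($err)";
    close $fh if $fh;
}
```

The allowlist alone stops both inputs from the Example section; the three-argument open and the base-directory check remain as independent layers in case the pattern is later loosened.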

