| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bf9e9116050508145929939aab@mail.gmail.com> Date: Sun, 8 May 2005 18:59:14 -0300 From: SoulBlack Group <soulblacktm@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, news@...uriteam.com, sec@...lblack.com.ar, bugs@...uritytracker.com, submissions@...ketstormsecurity.org, vuln@...unia.com, alerts_advisories@...-security.org Subject: Easy Message Board Directory Traversal and Remote Command ============================================================ ============================================================ Title: Easy Message Board Directory Traversal and Remote Command Execution Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 08/05/2005 Severity: High. Remote Users Can Execute Arbitrary Code. Affected version: Easy Message Board Vendor: http://www.geocentral.net/colscripts/index.html ============================================================ ============================================================ * Summary * Easy Message Board is "Easy Message Board" ------------------------------------------------------------------------------------------------------------------------ * Technical Description * A new vulnerability was identified in Easy Message Board, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "easymsgb.pl" script where the variable print that is put under "open()", does not have a control of data, which may be exploited by a remote attacker to execute arbitrary commands with the privileges of the web server. ------------------------------------------------------------------------------------------------------------------------ * Example * http://SITE/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/passwd http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id| ------------------------------------------------------------------------------------------------------------------------ * Fix * Contact the Vendor. ------------------------------------------------------------------------------------------------------------------------ * References * http://www.soulblack.com.ar/repo/papers/easymsgb_advisory.txt ------------------------------------------------------------------------------------------------------------------------ * Credits * Vulnerability reported by SoulBlack Security Research ============================================================ -- SoulBlack - Security Research http://www.soulblack.com.ar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists