Bugtraq mailing list archives
Re: Remote vulnerability in Ikonboard upto version 2.1.7b
From: ___cliff rayman___ <cliff () GENWAX COM>
Date: Thu, 28 Dec 2000 15:15:08 -0800
Gijs Hollestelle wrote:
> Summary:
> --------
> Ikonboard is a free forum system. Similar to UBB and UB. Versions up to and
> including 2.1.7b contain a vulnerability that allows commands to be executed
> as the script user. Therefore compromising security of the system running
> the board and allowing an attacker to get passwords of the board users,
> because they are in no way encrypted/hashed.
>
> ---8<----
>
> Solution:
> ---------
> Shortly after I informed the author of this vulnerability a fix was issued
> and now this vulnerability is fixed. (Version number seems to be unchanged
> though.) To see if you have a fixed version, check out register.cgi and see
> if it contains the following code instead of the code listed above:
>
>     for ('inmembername','password','emailaddress',
>          'showemail','homepage','aolname','icqnumber','location','interests',
>          'signature','timedifference','useravatar','action') {
>         next unless defined $_;
hmmm.... when would $_ be undefined??? I think he meant to write: next unless defined $query->param($_);
>         next if $_ eq 'SEND_MAIL';
how could $_ equal 'SEND_MAIL' if it is not in the list passed to for??
>         $tp = $query->param($_);
>         $tp = &unHTML("$tp");
>         ${$_} = $tp;
>     }
-- ___cliff rayman___cliff@genwax.com___http://www.genwax.com/
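The loop quoted above still writes form values into global variables named by the string in $_ (a symbolic reference), and the `defined $_` test never fires because $_ is always one of the literal names. Below is an added example, not Ikonboard's code, of the same allow-list written the way cliff suggests: the `defined` check is applied to the parameter value, and the values go into a hash rather than into `${$_}`, so the request cannot choose which variable it writes to and the code survives `use strict`. It assumes CGI.pm is installed; `unHTML` here is a minimal stand-in for Ikonboard's own routine, and the `adminflag` parameter in the sample request is constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not Ikonboard's code): copy only allow-listed form fields
# into a hash instead of symbolic-reference globals.
use strict;
use warnings;
use CGI;   # assumption: CGI.pm is available (no longer bundled with Perl)

# Allow-list of the parameters register.cgi is expected to accept
# (the same names as in the quoted fix).
my @FIELDS = qw(inmembername password emailaddress showemail homepage
                aolname icqnumber location interests signature
                timedifference useravatar action);

# Minimal HTML escaping; stand-in for Ikonboard's &unHTML (assumption).
sub unHTML {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

# Returns a hash ref of sanitised fields. Anything not in @FIELDS is never
# looked at, and a missing field is skipped by testing the *value*, which is
# the check the quoted 'next unless defined $_' was presumably meant to be.
sub read_fields {
    my ($query) = @_;
    my %form;
    for my $name (@FIELDS) {
        my $value = $query->param($name);
        next unless defined $value;
        $form{$name} = unHTML($value);
    }
    return \%form;
}

# Constructed request: two expected fields plus one the script never asked for.
my $q    = CGI->new('inmembername=alice&location=<b>x</b>&adminflag=1');
my $form = read_fields($q);
printf "%s=%s\n", $_, $form->{$_} for sort keys %$form;
# 'adminflag' does not appear in %$form. Under 'use strict', the original
# '${$_} = $tp' would also die at runtime with "Can't use string as a SCALAR
# ref while strict refs in use", which is one reason to prefer the hash.
```

Keeping the fields in `%form` (or in a `my`-scoped variable per field) rather than package globals also makes the `SEND_MAIL` test unnecessary: a name that is not in the list is simply never read, so there is nothing to skip.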
Current thread:
- Remote vulnerability in Ikonboard upto version 2.1.7b Gijs Hollestelle (Dec 28)
- Re: Remote vulnerability in Ikonboard upto version 2.1.7b ___cliff rayman___ (Dec 29)