Bugtraq mailing list archives
Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: capps () SOLARECLIPSE NET (Charles Capps)
Date: Tue, 15 Feb 2000 14:41:49 -0800
For the record, the latest versions of the UBB (Freeware version '2000', and a new release of licensed version 5.43d) contain fixes for this bug as of yesterday. The fix has also been posted in this thread: http://www.scriptkeeper.com/ubb/Forum16/HTML/000814.html -- Charles Capps ----- Original Message ----- From: H D Moore <secure () SECUREAUSTIN COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Monday, February 14, 2000 12:26 PM Subject: Re: [BUGTRAQ] perl-cgi hole in UltimateBB by Infopop Corp.
Hi, I am the administrator for a site running the commercial version of UBB, the problem exists there as well. The faulty code is in ubb_library.pl: if ($ThreadFile =~ /\d\d\.[m|n|ubb|cgi]/) { I don't actually know the original line number, as we hacked up our copy to use MD5 password hashes versus clear-text and added many new logging/security features to curb abuse. Since all of the modifications to the code were paid for by my client, I may not be able to release them to the public... -HD "Sergei A. Golubchik" wrote:Hello. Browsing some site, I found that their forums were based not on home- made scripts, but rather commercial software product. Hey, said I to myself, remember those story about pcweek hack ? They use commercial package photoads. Let's look what that Ultimate Bulletin Board by Infopop is. I grabbed freeware version from http://www.ultimatebb.com and after 10-minutes grepping found those lines: ubb_library.pl:901-902 if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb/) { open (MESSAGE, "$ForumsPath/Forum$number/$ThreadFile"); (notice? not /^\d\d\d\d\d\d\.ubb$/. What did the author think about
while
writing it ? Girls ?) And the $ThreadFile takes its value directly from the hidden (hmm!) field `topic'.
Current thread:
- perl-cgi hole in UltimateBB by Infopop Corp. Sergei A. Golubchik (Feb 11)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. H D Moore (Feb 14)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Charles Capps (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Michael Wood (Feb 15)
- Remote Vulnerability in the MMDF SMTP Daemon NAI Labs (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill (Feb 14)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Bill McKinnon (Feb 16)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Brock Sides (Feb 17)
- AUTORUN.INF Vulnerability Eric Stevens (Feb 17)
- Re: AUTORUN.INF Vulnerability Jesper M. Johansson (Feb 18)
- UPDATED: NetBSD Security Advisory 2000-001 Daniel Carosone (Feb 18)
- Re: AUTORUN.INF Vulnerability Nick FitzGerald (Feb 19)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. Andrew Danforth (Feb 15)
- Re: perl-cgi hole in UltimateBB by Infopop Corp. H D Moore (Feb 14)