Bugtraq mailing list archives
Re: Vulnerability kali's tagboard
From: security curmudgeon <jericho () attrition org>
Date: Thu, 28 Apr 2005 03:47:35 -0400 (EDT)
For reference, Kali's tagboard can be found at: http://www.xentrik.net/php/tagboard.php

: There are some bugs in the kali's tagboard, you can access to the admin
: system without password!, you can put iframes, scripts... But the most
: vulnerability is in the ban ip's, you can put this script: " <?
: system($cmd) ?> " and execute commands in the server with this url:
: Example: http://web.com/tag/admin/banned.php?&cmd=command.

From the readme.txt:
I suggest you password protect this directory with .htaccess, like so:

******************************************
* Example .htaccess File
******************************************
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Tagboard Admin Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
******************************************

To learn more about password protection with .htaccess, go to http://www.xentrik.net/htaccess/password.php
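
An added example, not part of the original post or of the tagboard's readme: a small audit of an .htaccess body such as the one quoted above. Apache applies access-control directives placed inside a <Limit> section only to the methods listed there, so the check reports any Require that is scoped this way. The function name and both sample strings are constructed for illustration, and <LimitExcept> sections are not modelled.

```python
import re

# Constructed input: the readme's example .htaccess, copied from the quote above.
README_HTACCESS = """\
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthGroupFile /dev/null
AuthName "Tagboard Admin Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
"""

# Constructed comparison: same auth settings, Require applies to every method.
ALL_METHODS_HTACCESS = """\
AuthUserFile /home/username/public_html/tagboard/admin/.htpasswd
AuthName "Tagboard Admin Area"
AuthType Basic
Require valid-user
"""

OPEN_LIMIT = re.compile(r"<\s*Limit\s+([^>]*)>", re.I)
CLOSE_LIMIT = re.compile(r"<\s*/\s*Limit\s*>", re.I)
REQUIRE = re.compile(r"require\s+\S", re.I)


def audit_htaccess(text):
    """Return (findings, has_unscoped_require) for one .htaccess body."""
    findings, limited_to, global_require = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_LIMIT.match(line)
        if opened:
            limited_to = opened.group(1).upper().split()  # methods in scope
        elif CLOSE_LIMIT.match(line):
            limited_to = None
        elif REQUIRE.match(line):
            if limited_to is None:
                global_require = True  # covers all request methods
            else:
                findings.append(
                    f"line {lineno}: Require applies only to "
                    f"{'/'.join(limited_to)}; other methods are not covered")
    if not findings and not global_require:
        findings.append("no Require directive: directory is not protected")
    return findings, global_require
```
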
Current thread:
- Vulnerability kali's tagboard piker piker (Apr 21)
- Re: Vulnerability kali's tagboard Jason Dodson (Apr 21)
- Re: Vulnerability kali's tagboard security curmudgeon (Apr 28)
- Re: Vulnerability kali's tagboard Jesus (Apr 28)