Vulnerability Development mailing list archives
Insecure input in Search.pl from YaBB
From: "[ K o S a K ]" <kosak () EPSYLON ORG>
Date: Mon, 6 Nov 2000 23:32:33 +0100
Hi, I heard it could be possible to execute arbitrary cmd accross a script called search.pl from the YaBB package. I know that lots of web site has been defaced by this exploit, but i haven't found it yet. It exploits an insecure input in the script. Even in the latest version must be vulnerable. Has someone more informations about this ? Thanks a lot. KoSaK www.epsylon.org French Staff
Current thread:
- regarding microsoft Matthew Lawrence (Nov 06)
- Re: regarding microsoft H D Moore (Nov 06)
- Re: regarding microsoft Joe (Nov 07)
- Insecure input in Search.pl from YaBB [ K o S a K ] (Nov 07)
- Insecure input balidation in YaBB Search.pl rpc (Nov 08)
- Insecure input in Search.pl from YaBB [ K o S a K ] (Nov 07)