Vulnerability Development mailing list archives
Insecure input validation in YaBB Search.pl
From: rpc <h () ckz org>
Date: Tue, 7 Nov 2000 11:01:46 GMT
Hi Everybody,

Kosak reported this problem to vuln-dev last night. I downloaded the script and did some testing. There is an input validation problem with the 'catsearch' field, which gets interpolated in an open statement:

    open(FILE, "$boardsdir/$cattosearch") || &fatal_error("$txt{'23'} $currentboard.txt");

where $cattosearch is a localized $catsearch, assigned:

    $catsearch = $FORM{'catsearch'};

An attacker could easily create a malicious html form with a catsearch such as:

    ./../../../../../usr/bin/touch%20/tmp/foo|

The amount of directory traversal will vary from site to site, depending on their YaBB setup.

--rpc <h () ckz org>

On Mon, 6 Nov 2000 23:32:33 +0100, [ K o S a K ] said:
Hi,

I heard it could be possible to execute arbitrary cmd across a script called search.pl from the YaBB package. I know that lots of web sites have been defaced by this exploit, but I haven't found it yet. It exploits an insecure input in the script. Even the latest version must be vulnerable. Does anyone have more information about this?

Thanks a lot.

KoSaK
www.epsylon.org French Staff
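A hardened form of the open call discussed in this thread, as an added example that is not part of the original posts or of YaBB's own code. The function name open_category and the allowlist pattern for category names are assumptions; the sample inputs and the temporary boards directory are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Vulnerable form quoted in the post (two-argument open, mode taken from the string):
#   open(FILE, "$boardsdir/$cattosearch")
# A trailing "|" makes Perl run the string as a command instead of opening a file.

# Hardened form: allowlist the name, then use three-argument open so the
# path is only ever treated as a file name opened for reading.
sub open_category {
    my ($boardsdir, $catsearch) = @_;
    # Assumption: category file names are plain identifiers such as "general".
    die "rejected category name\n"
        unless defined($catsearch) && $catsearch =~ /\A[A-Za-z0-9_-]{1,64}\z/;
    open(my $fh, '<', "$boardsdir/$catsearch")
        or die "cannot open category: $!\n";
    return $fh;
}

# Constructed test data: a temporary boards directory with one category file.
my $boardsdir = tempdir(CLEANUP => 1);
open(my $out, '>', "$boardsdir/general") or die "setup failed: $!\n";
print {$out} "board1\nboard2\n";
close($out);

# Constructed inputs; the second is the URL-decoded value from the post.
my @inputs = (
    'general',
    './../../../../../usr/bin/touch /tmp/foo|',
    '../general',
    "general\0.txt",
    '',
);

for my $input (@inputs) {
    (my $shown = $input) =~ s/[^\x20-\x7e]/?/g;   # printable form for the log
    my $fh = eval { open_category($boardsdir, $input) };
    if ($fh) {
        my @lines = <$fh>;
        close($fh);
        printf "ok       %-45s (%d lines)\n", "'$shown'", scalar @lines;
    } else {
        chomp(my $err = $@);
        printf "blocked  %-45s (%s)\n", "'$shown'", $err;
    }
}
```

The allowlist alone stops the traversal and the pipe; the three-argument open is the second layer, so a name that slips past a looser pattern is still opened only as a file for reading.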