Vulnerability

   Ezboard

Affected

    Ezboard ver. 5.3.9

Description

    Following  is  based  on  Securax  Security Advisory.  This entire
    advisory has been based upon trial and error results.  We can  not
    ensure the information  below is 100%  correct being that  we have
    no source code to audit.

    When someone visits

        http://pub4.ezboard.com/u*.showPublicProfile

    for  example,  every  ezboard  on  server6.ezboard.com will become
    unreachable for anyone.  The problem occurs when trying to Show  a
    users public profile.  When a user is replaced with '*' it  causes
    the  server  to  strain.   If  you  want  to  make the ezboards on
    pub7.ezboard.com unreachable you can  visit the following site  as
    well:

        http://pub7.ezboard.com/u*.showPublicProfile

    Not much research has been  directed to locating the full  list of
    pub* servers.   Variable standard  wildcard characters  also cause
    the servers to have the same reaction, ie: $, &, @, etc.

    Ezboard servers and client message  boards, etc. can be caused  to
    be  lagged  and  unreachable  while  the service strains for large
    wildcard responses.  Their could be made code that would take  the
    server down fully.  For example:

        perl -e 'for(;;){`(sleep 30;killall -9 lynx)|lynx http://address/`}'

    This is not tested.

Solution

    The service has been notified  and will hopefully be fixed  within
    the  near  future  to  prevent  and further misfortune for current
    clients/users in action of service.