TUCoPS :: Web BBS :: etc :: hack8053.htm

Easy Message Board Directory Traversal and Remote Command
Easy Message Board Directory Traversal and Remote Command

============================================================

============================================================
Title: Easy Message Board Directory Traversal and Remote Command Execution
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar 
Date: 08/05/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: Easy Message Board
Vendor: http://www.geocentral.net/colscripts/index.html 
============================================================

============================================================

* Summary *

Easy Message Board is "Easy Message Board"

------------------------------------------------------------------------------------------------------------------------

* Technical Description *


A new vulnerability was identified in Easy Message Board, which may be
exploited by attackers to compromise a vulnerable web server. This
flaw is due to an input validation error in the "easymsgb.pl" script
where the variable print that is put under "open()", does not have a
control of data, which may be exploited by a remote attacker to
execute arbitrary commands with the privileges of the web server.

------------------------------------------------------------------------------------------------------------------------

* Example *

http://SITE/cgi-bin/emsgb/easymsgb.pl?print=../../../../../../../../etc/pas swd
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id| 

------------------------------------------------------------------------------------------------------------------------

* Fix *

Contact the Vendor.

------------------------------------------------------------------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/easymsgb_advisory.txt 

------------------------------------------------------------------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research

============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH