QUOTE
Title: Easy Message Board Directory Traversal and Remote Command Execution
Date: 08/05/2005
Severity: High. Remote Users Can Execute Arbitrary Code.
Affected version: Easy Message Board
Vendor: http://www.geocentral.net/colscripts/index.html
* Summary *
Easy Message Board is "Easy Message Board"
* Technical Description *
A new vulnerability was identified in Easy Message Board, which may be
exploited by attackers to compromise a vulnerable web server. The flaw
is due to an input validation error in the "easymsgb.pl" script, where
the "print" variable is passed to "open()" without any validation of
its contents, which may be exploited by a remote attacker to execute
arbitrary commands with the privileges of the web server.
* Example *
http://SITE/cgi-bin/emsgb/easymsgb.pl?prin..../../etc/passwd
http://SITE/cgi-bin/emsgb/easymsgb.pl?print=|id|
* Fix *
Contact the Vendor.
* Credits *
Vulnerability reported by SoulBlack Security Research
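
* Added example *
The following Perl sketch is an added illustration, not code from the advisory or from the vendor's script. It shows the open() pattern the Technical Description refers to beside a hardened form. The function name open_board_file, the file name board.txt and the temporary data directory are hypothetical, and the shape of the vulnerable call is an assumption because the script's source is not shown on the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Pattern the advisory describes (assumed shape; the script's source is not
# on the page): a request parameter handed to two-argument open(), where a
# leading or trailing "|" makes Perl run a command and "../" leaves the
# data directory:
#     open(FILE, $print);

# Hardened form: allowlist the name, then use three-argument open() so the
# mode is fixed to read and the value can only ever be treated as a path.
sub open_board_file {
    my ($base_dir, $name) = @_;
    return unless defined $name;
    # Plain file name only: no "/", no "|", no leading dot, bounded length.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    my $path = File::Spec->catfile($base_dir, $name);
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed demo: a temporary data directory holding one message file.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, 'board.txt')) or die $!;
print {$out} "hello\n";
close $out;

# Constructed inputs: one legitimate name, one traversal-style value and
# one pipe-style value of the kind shown under "Example".
for my $input ('board.txt', '../../etc/passwd', '|id|') {
    my $fh = open_board_file($dir, $input);
    printf "%-20s %s\n", $input, $fh ? 'served' : 'rejected';
    close $fh if $fh;
}
```

Running the script under taint mode (perl -T) adds a second check, since Perl then refuses to pass unvalidated request data to open() for writing or piping.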




