Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Ultimate Bulletin Board v5.3x? Bug
From: rfp () WIRETRIP NET (.rain.forest.puppy.)
Date: Tue, 30 Nov 1999 20:29:44 -0600

There seems to be a bug with the UBB under NT

Actually, I would say the bug was a poor choice of extension on UBB's

On NT, you most likely have mapped the .cgi extension to invoke perl to
handle the script; so when you request 000001.cgi, perl is actually
running and trying to read it.  This is actually similar to the %20.pl bug
published, wow, like a year ago?  More than that?  I remember Mr. Cooper
over on his list talking about it.

The reason why Apache/unix gives you a 500 error is lack of the shebang
(#!/path/to/interpreter) line at the beginning, and also because the
script doesn't return proper headers.  If Apache was just as lax as IIS,
you would get the same result.

Granted, since those files contain passwords, they shouldn't even be
readable by the webserver, but it's a catch-22.  And the fact that they
contain plaintext passwords is un-nerving.

How to fix? change the members path to something more like
xvc83nx9wy4nd0w74m3.  That will solve it.

Until someone guesses the path.  Security through obscurity.  It won't
hurt, but don't put faith in the "that will solve it" schpeil.

- rain forest puppy

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]