Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: wood () KINGSLEY CO ZA (Michael Wood)
Date: Wed, 16 Feb 2000 09:12:06 +0200


Hi

On Mon, Feb 14, 2000 at 02:26:20PM -0600, H D Moore wrote:
Hi,

I am the administrator for a site running the commercial version of UBB,
the problem exists there as well.  The faulty code is in ubb_library.pl:

if ($ThreadFile =~ /\d\d\.[m|n|ubb|cgi]/) {

Ack!  From the perlre manpage:

        Also remember that "|" is interpreted as a literal
        within square brackets, so if you write [fee|fie|foe]
        you're really only matching [feio|].

i.e. the above is equivalent to:
if ($ThreadFile =~ /\d{2}\.[mnubcgi|]/) {

i.e. it would match "00.m" or "abcabc12.c" or "43.iXXX" or "99.|" etc.

[snip]

"Sergei A. Golubchik" wrote:

[snip]
I grabbed freeware version from http://www.ultimatebb.com and
after 10-minutes grepping found those lines:

ubb_library.pl:901-902
          if ($ThreadFile =~ /\d\d\d\d\d\d\.ubb/) {
          open (MESSAGE, "$ForumsPath/Forum$number/$ThreadFile");
[snip]

--
Michael Wood        | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
wood () kingsley co za | Fax: +27 21 761 9930 | Kingsley Technologies



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault