Home page logo
/

bugtraq logo Bugtraq mailing list archives

Insecure input balidation in YaBB Search.pl
From: rpc <h () ckz org>
Date: Tue, 7 Nov 2000 11:01:46 GMT

Hi Everybody,

  Kosak reported this problem to vuln-dev last night.  I downloaded the script
and did some testing.

There is an input validation problem with the 'catsearch' field, which gets
interpolated in an open statement:

open(FILE, "$boardsdir/$cattosearch") || &fatal_error("$txt{'23'}
$currentboard.txt");

where $cattosearch is a localized $catsearch, assigned:
$catsearch = $FORM{'catsearch'};

An attacker could easily create a malicious html form with a catsearch such as:
./../../../../../usr/bin/touch%20/tmp/foo|

The amount of directory traversal will vary from site to site, depending on
their YaBB setup.

--rpc <h () ckz org>

On Mon, 6 Nov 2000 23:32:33 +0100, [ K o S a K ] said:

Hi,

 I heard it could be possible to execute arbitrary cmd accross a script
 called search.pl from the YaBB package.
 I know that lots of web site has been defaced by this exploit, but i haven't
 found it yet.
 It exploits an insecure input in the script.
 Even in the latest version must be vulnerable.

 Has someone more informations about this ?

 Thanks a lot.


 KoSaK
 www.epsylon.org
 French Staff



  By Date           By Thread  

Current thread:
  • Insecure input balidation in YaBB Search.pl rpc (Nov 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault