Home page logo
/

bugtraq logo Bugtraq mailing list archives

Cgisecurity.com advisory on dcforum
From: "admin () cgisecurity com" <admin () CGISECURITY COM>
Date: Tue, 14 Nov 2000 10:47:18 -0500

The staff of cgisecurity.com have found a remote input validation
error in the dcforum cgi script.

NOTE: The vendor was very quick to issue a patch on this and becuase of
this i decided to release it so soon after finding it.
Below is a paste of the advisory.


-zenomorph



                        [Cgi Security Advisory #2]
                          admin () cgisecurity com
                       DCForum Major security issues



Found
November 16th 2000
11:30am

Vendor contacted
1:20am
Vendor patch issued
1:44am


Public release
November 2000



Script Effected: DCForum
Price: $69 Personal, $99 Commercial

Versions effected:
All versions of DCForum
1.0 - 6.0(Current)


Platforms:
UNIX, Linux, Windows NT,
and Windows 2000



Vendor
http://www.dcscripts.com
Patch
http://www.dcscripts.com/dcforum/dcfNews/124.html






1. Impact

Any file can be read with the permissions of user nobody(or webserver)
Posible root comprimise in /dcforum/dcboard.cgi script.Command execution
is not allowed. (Read Only) This has only been tested on unix and linux
versions and is unknown if windows versions are effected.


2. Damage caused

It causes the deletion of dcboard.cgi if you ask it to view its own
source.
Cause for this is unknown as of now since I do not have the source.

For the above reason I cannot release the exploit itself at this point in
time. I would release it but it caused to much damage by "clicking on a
link". If it simply gave you passwd file that would be one thing but it
deleted a data and perhaps more not know of yet.



3. Fixes

The vendor has been contacted about this serious security problem.
A patch was issues within 1 hour of the finding of this hole.
This vendor was quick to respond.


http://www.dcscripts.com/dcforum/dcfNews/124.html
Below is a copy of the vendor patch as issued on there website.
********************************PATCH**************************************




1. DCForum Security Bug!!! Nov-14-00 01:44 AM
        DCForum Security Alert!!! Affects all versions of DCForum.
        ==================================

        An anonymous user has reported a security alert. Please make this
update
        as soon as possible.

        FIX - In dcboard.cgi and dcadmin.cgi, after

        $r_in = \%in;

        ADD

        $r_in->{'forum'} =~ s/\W//g;

        Please apply this patch as soon as possible.

        David









Published to the Public November 2000
Copyright September 2000 Cgisecurity.com


  By Date           By Thread  

Current thread:
  • Cgisecurity.com advisory on dcforum admin () cgisecurity com (Nov 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]