Hi, I'm just a reader of this list, I don't really know the protocols to posting a message to the list, so oh well.. I'm also not sure if this problem has been posted before, but I did a search through the archives and couldn't spot it. There seems to be a bug with the UBB under NT. I don't believe Unix users of the UBB are faced with the same problem. Ofcourse it could be the version of ActivePerl, combined with the bug in the board, but anyways... By default, Member files are stored in the /cgi-bin/Members directory. The members files are stored as numbers, with a .cgi extension, eg: 00000001.cgi Under unix, if you put in http://www.url.blah/cgi-bin/Members/00000001.cgi, the server will return a 500 error, however, under NT with ActivePerl (v5.07 I believe?), it will return something like this: CGI Error The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are: Number found where operator expected at D:\CONTENT\wwwroot\data\ubb\Members\00000001.cgi line 2, near "Malby 1" (Missing semicolon on previous line?) syntax error at D:\CONTENT\wwwroot\data\ubb\Members\00000001.cgi line 2, near "Malby 1" Bareword found where operator expected at D:\CONTENT\wwwroot\data\ubb\Members\00000001.cgi line 2, near "mypass" (Missing operator before malby2?) Bareword found where operator expected at D:\CONTENT\wwwroot\data\ubb\Members\00000001.cgi line 4, near "//www" (Missing operator before www?) Semicolon seems to be missing at D:\CONTENT\wwwroot\data\ubb\Members\00000001.cgi line 6. Number found where operator expected at D:\CONTE yay for UBB handing out my password (line 2) to anyone who wants to read it. This does not work on every data file, I think it depends on wether the username has spaces in it, etc. However, it creates a very large hole. You just need to get one of the administrators data files, and as you could imagine, all hell would break loose. I've seen posts before, that the UBB isn't exactly safe (heh ;P), so heres another problem with it. The people at Infopop/Madronapark (very nice folks), offer a "Example Sites" list, a listing of users with UBB (Theres a lot of them), so now you have a big list of would be victims. Someone can go through, and test each board. I'd guarentee that about 40% of the boards are run under NT, and that most of them use the default /Members/ directory How to fix? change the members path to something more like xvc83nx9wy4nd0w74m3. That will solve it Sorry for ranting Regards, Sean
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:48 PDT