Ikonboard permission vulnerability

by phiber on March 12th, 2001

There is another bug in the Ikonboard. A malicious user can read any file on the remote system with the privileges of the web server.

Ikonboard version: 2.1.7b


- would show the password file, if it is readable with the privileges of
the web server.

- replace with the member name and it shows you his/her

(works with Administrator accounts too)

No patches yet available, vendor notified.

Quick fix:

You could fix the script temporarily by inserting the following line under
line 45 in 'help.cgi':

$inhelpon =~ s/\///g;   # delete every "/" from $inhelpon

This is lame, but it works.

Contributed by Martin J. Muench on a BT mailing list
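
The quick fix above deletes one character from $inhelpon. A stricter way to handle the same value is to accept only names that match an allowlist and to confirm the resolved file stays inside the help directory. The following is an added example, not Ikonboard code and not from the advisory; help_file_for(), the help directory and the ".dat" suffix are assumptions, and only the variable name $inhelpon comes from the page.

```perl
#!/usr/bin/perl
# Added example, not Ikonboard code. help_file_for(), the directory layout
# and the ".dat" suffix are hypothetical; $inhelpon is the advisory's name.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the real path of the help file for a topic, or nothing if the
# topic name is not acceptable.
sub help_file_for {
    my ($help_dir, $inhelpon) = @_;
    return unless defined $inhelpon;

    # Allowlist: letters, digits, "_" and "-" only, bounded length.
    # "/", "\", ".", NUL bytes and newlines are all rejected in one check
    # instead of deleting a single known-bad character.
    return unless $inhelpon =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $path = File::Spec->catfile($help_dir, "$inhelpon.dat");

    # Defence in depth: after symlink resolution the file must still be
    # located under the help directory.
    my $base = realpath($help_dir);
    my $real = realpath($path);
    return unless defined $base && defined $real;
    return unless index($real, "$base/") == 0;

    return $real;
}

# Constructed demo: a temporary help directory holding one topic file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'posting.dat'))
    or die "cannot create sample file: $!";
close $fh;

# Constructed sample inputs: one valid topic, then names the check refuses.
for my $topic ('posting', 'a/b', '../x', "posting\0", "posting\n", '') {
    my $file = help_file_for($dir, $topic);
    (my $shown = $topic) =~ s/\0/\\0/g;   # make control characters visible
    $shown =~ s/\n/\\n/g;
    printf "%-12s => %s\n", "'$shown'", defined $file ? 'accepted' : 'rejected';
}
```

Only 'posting' is accepted; every other sample name is rejected before any file is opened.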
