SecurityTracker.com

SecurityTracker
Archives
Category:   Application (Generic)  >   Ikonboard
Vendors:   Ikonboard.com
Re: Ikonboard Bulletin Board Software Allows Remote Viewing of Files and Directories Outside of The Software's Root Directory
SecurityTracker Alert ID:  1001074
SecurityTracker URL:  http://securitytracker.com/id/1001074
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 12 2001
Impact:   User access via network

Version(s): 2.1.7b
Description:   It is reported that Ikonboard bulletin board software for web sites contains a vulnerability that allows remote users to view files on the server that reside outside of the product's root directory.

A user notes that version 2.16b is vulnerable to this attack as well.

This user reports their personal fix for this:

# refuse any requested helpfile name that contains a ".." sequence
if($inhelpon =~ /\.\./) { &hackdetected; }

then at the bottom append:

# send a plain-text refusal and stop before any file is opened
sub hackdetected {
    print "Content-type: text/plain\n\n";
    print "sorry, this hole was patched :)\n";
    print "you have been logged.\n";
    exit;
}

Impact:   A remote user with access to the web server could request and view files and directories outside of Ikonboard's root directory.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ikondiscussion.com/ikonboard/
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 12 2001 Ikonboard Bulletin Board Software Allows Remote Viewing of Files and Directories Outside of The Software's Root Directory



 Source Message Contents

Subject:  Re: Ikonboard v2.1.7b "show files" vulnerability


Version 2.16b is vulnerable to this attack as well.

My fix for this was to simply insert as line 45:

if($inhelpon =~ /\.\./) { &hackdetected; }

then at the bottom append:

sub hackdetected {
print "Content-type: text/plain\n\n";
print "sorry, this hole was patched :)\n";
print "you have been logged.\n";
exit;
}

Of course you could change this to whatever..

All of the valid helpfiles should be in the same directory as help.cgi,
so this *should* work..

-darren
----------------------------------
E-Mail: decker@n3t.net
http://n3t.net
"Finem Respice"
----------------------------------
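The following is an added example, not code from the original message or from Ikonboard, showing a stricter form of the check described in the summary above and in darren's message: instead of only looking for "..", it allowlists the shape of the helpfile name and confirms the canonical path stays inside the help directory. It is written in Perl like help.cgi and assumes help.cgi holds the requested name in $inhelpon and keeps its help files under a directory referred to here as $helpdir (the function names, the ".txt" extension and the directory name are assumptions).

```perl
#!/usr/bin/perl
# Added example, not Ikonboard's code: a stricter replacement for the
# "/\.\./" test above. Assumes help.cgi reads the requested help file
# name into $inhelpon and keeps its help files under $helpdir.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Returns the canonical path of an allowed help file, or undef to refuse
# (help.cgi would then call hackdetected() as in the original fix).
sub safe_helpfile {
    my ($helpdir, $inhelpon) = @_;

    # Allowlist the shape of the name: letters, digits, "_" and "-" plus
    # a fixed extension. Unlike a "/\.\./" test this also refuses "/",
    # "\", NUL bytes and names that are not help files at all.
    return undef unless defined $inhelpon
        && $inhelpon =~ /\A[A-Za-z0-9_-]{1,64}\.txt\z/;

    # Canonicalise and require the result to stay inside $helpdir, so a
    # stray symlink in the help directory cannot lead outside it either.
    my $base = abs_path($helpdir) or return undef;
    my $path = abs_path(File::Spec->catfile($base, $inhelpon))
        or return undef;
    return undef unless index($path, "$base/") == 0 && -f $path;
    return $path;
}

# Demonstration with a constructed help directory and sample requests.
my $helpdir = tempdir(CLEANUP => 1);
open(my $out, '>', "$helpdir/posting.txt") or die $!;
print $out "How to post\n";
close $out;

for my $req ('posting.txt', '../../etc/passwd', '/etc/passwd',
             "posting.txt\0.jpg", 'missing.txt') {
    my $path = safe_helpfile($helpdir, $req);
    printf "%-22s -> %s\n", $req =~ s/\0/\\0/r,
        defined $path ? "allowed ($path)" : 'refused';
}
```

Only the first sample name is allowed; the traversal, absolute-path, NUL-byte and nonexistent names are all refused before any open() is attempted.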
Copyright 2020, SecurityGlobal.net LLC