VBZooM Bulletin Board Lets Remote Users Upload and Execute Files
SecurityTracker Alert ID: 1005400
SecurityTracker URL: http://securitytracker.com/id/1005400
Date: Oct 10 2002
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included: Yes
Description: A vulnerability was reported in the VBZooM bulletin board software. A remote user can upload files and execute them on the system.
It is reported that a remote user can bypass the code that checks for valid file extensions and upload malicious PHP code to be executed on the server.
A remote user can use the following URL to upload PHP files to the '/download' directory:
The remote user can then execute the PHP file with the following URL:
Impact: A remote user can upload and execute arbitrary PHP code.
Solution: No solution was available at the time of this entry.
Vendor URL: www.vbzoom.com/
Cause: Access control error, Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Source Message Contents
Subject: upload malicious file in VBZooM forums
Version Affected: tested on v1.01; maybe other versions are vulnerable also
Category: upload system
Vendor URL: http://www.vbzoom.com
Author: hish_hish <firstname.lastname@example.org>
Date: disclosed on 28th Aug 2002
published at 8th Oct 2002
VBZooM is a bulletin board system written in PHP,
for valid extensions.
and you can bypass this check in two ways (see Details).
You should be a member of the victim script,
and go to make a new subject; now save the page on your hard drive
and make some changes in <form action="add-subject.php ......>
to <form action="http://victim/VBZoom/add-subject.php ....>
Now select your malicious file to upload it (it should be .php).
OK, now hit the submit button; the forum will redirect you to your subject.
D'oh :) your file is waiting for you as an attachment :)
NOTE: all visitors can see and use your uploaded file, so forget the 1st
way and see the 2nd:
You don't need to be a member of the victim forum, just follow me :)
It will upload your file to the "/download" directory.
Now execute your .php file.
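The page does not show VBZooM's extension check or the exact request that defeats it, so the following is an added, constructed Python illustration of the bug class rather than the project's code: a hypothetical weak extension check of the kind that fails against case variants, double extensions, alternative PHP extensions and renamed payloads, beside a hardened server-side validator that keeps only the final allowlisted extension, checks the content's magic bytes, and assigns a random server-chosen filename. The filenames, payload and allowlist are all assumptions made for the example.

```python
import os
import secrets

# Constructed illustration of the bug class in this advisory, not VBZooM's
# code. The advisory only says the extension check can be bypassed; the weak
# check below is a hypothetical one that fails the way such checks commonly
# do (single denylisted extension, case-sensitive, trusts the client's name).


def weak_is_allowed(client_filename: str) -> bool:
    """Hypothetical weak check: one denylisted extension, compared case-sensitively."""
    return not client_filename.endswith(".php")


# Hardened validator: server-side allowlist on the FINAL extension only,
# magic-byte check for binary types, and a server-chosen random base name.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "txt", "zip"}
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "zip": b"PK\x03\x04",
}


def safe_stored_name(client_filename: str, content: bytes):
    """Return the name to store an acceptable upload under, or None to reject it.

    - drops any directory part the client sent (../ tricks, backslashes)
    - takes only the final extension, lower-cased, and requires it on the
      allowlist, so 'shell.PHP', 'shell.phtml' and 'shell.php5' are rejected
    - checks magic bytes for binary types, so PHP renamed to '.png' is rejected
    - rejects a PHP open tag inside a 'text' upload
    - replaces the base name with random hex, so a double extension such as
      'shell.php.txt' can only ever land on disk as '<hex>.txt'
    The stored file should also live in a directory the web server does not
    execute scripts from; that deployment step is not shown here.
    """
    base = os.path.basename(client_filename.replace("\\", "/"))
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    expected = MAGIC.get(ext)
    if expected is not None and not content.startswith(expected):
        return None
    if ext == "txt" and b"<?" in content:
        return None
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed attacker inputs: every one of them gets past the weak check.
PHP_PAYLOAD = b"<?php system($_GET['c']); ?>"
BYPASS_CASES = [
    ("shell.PHP", PHP_PAYLOAD),                  # case variant
    ("shell.php.txt", PHP_PAYLOAD),              # double extension
    ("shell.phtml", PHP_PAYLOAD),                # alternative PHP extension
    ("shell.png", PHP_PAYLOAD),                  # content does not match extension
    ("../../download/shell.php5", PHP_PAYLOAD),  # path tricks plus php5
]


def audit_uploads(cases):
    """Map each client filename to (weak_check_result, hardened_stored_name)."""
    return {name: (weak_is_allowed(name), safe_stored_name(name, data))
            for name, data in cases}


if __name__ == "__main__":
    for name, (weak, stored) in audit_uploads(BYPASS_CASES).items():
        print(f"{name:28} weak allows: {weak!s:5} hardened stores as: {stored}")
```

The point of the random base name is that nothing the attacker controls survives into the path the web server will later serve, which is what makes the first method in the advisory (resubmitting the site's own form with a modified action) harmless even when the browser-side checks are skipped: the decision is made on the server, on the bytes actually received.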