[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Vulnerability in YaBB forum (Perl version without SQL)
From: Dmitry Shurupov <root () nixp ! ru>
Date: 2004-05-02 9:39:37
Message-ID: 20040502093937.12540.qmail () www ! securityfocus ! com
[Download RAW message or body]
There's a vulnerability in non-SQL version of YaBB forum (I've checked it with YaBB 1 \
Gold - SP 1.2 written in Perl -- it's not new, but is in use even nowadays).
You can input almost anything into .txt file from boards directory. The "subject" \
form field isn't checked for "\n" symbols, so creating of a thread with such subject:
"test
of
vulnerability"
will add to the current board .txt file these strings:
"<seconds_from_Epoch>|test
of
vulnerability|<authors_nick>|<email>|<date>|<replies>|<authors_accont>|<icon>|<thread_status>"
To fix the problem look at sub Post2 in Post.pl and add this:
$subject =~ s/\n/ /g;
after this line:
$subject = $FORM{'subject'};
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic