
List:       bugtraq
Subject:    Vulnerability in YaBB forum (Perl version without SQL)
From:       Dmitry Shurupov <root () nixp ! ru>
Date:       2004-05-02 9:39:37
Message-ID: 20040502093937.12540.qmail () www ! securityfocus ! com



There's a vulnerability in the non-SQL version of the YaBB forum (I've checked it with YaBB 1 Gold - SP 1.2, written in Perl -- it's not new, but it is in use even nowadays).

You can input almost anything into a .txt file in the boards directory. The "subject" form field isn't checked for "\n" characters, so creating a thread with this subject:

"test
of
vulnerability"

will add these lines to the current board's .txt file:

"<seconds_from_Epoch>|test
of
vulnerability|<authors_nick>|<email>|<date>|<replies>|<authors_account>|<icon>|<thread_status>"




To fix the problem, look at sub Post2 in Post.pl and add this:

$subject =~ s/\n/ /g;

after this line:

$subject = $FORM{'subject'};
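
Added example, not part of the original message and not YaBB's own code: it builds one pipe-delimited thread record in the layout shown above, with and without the suggested substitution, and reports which lines of the result lack the expected nine fields. The helper names (build_record, malformed_lines) and every field value other than the subject are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field layout of one thread record, as given in the advisory.
my @FIELDS = qw(time subject nick email date replies account icon status);

# Build a board-file record in the advisory's layout (hypothetical helper).
# When $sanitize is true, the advisory's fix is applied to the subject first.
sub build_record {
    my ($subject, $sanitize) = @_;
    $subject =~ s/\n/ /g if $sanitize;          # the fix from the advisory
    # All values other than the subject are constructed sample data.
    return join('|', 1083490777, $subject, 'alice', 'alice@example.org',
                '05/02/04 at 09:39:37', 0, 'alice', 'xx', 0) . "\n";
}

# Return the line numbers in a board file's content whose field count
# differs from the expected layout (hypothetical integrity check).
sub malformed_lines {
    my ($content) = @_;
    my @bad;
    my $n = 0;
    for my $line (split /\n/, $content) {
        $n++;
        my @f = split /\|/, $line, -1;          # -1 keeps trailing empty fields
        push @bad, $n if @f != @FIELDS;
    }
    return @bad;
}

my $subject = "test\nof\nvulnerability";        # subject from the advisory

for my $case (['unsanitized', 0], ['sanitized', 1]) {
    my ($label, $sanitize) = @$case;
    my $record = build_record($subject, $sanitize);
    my $lines  = () = $record =~ /\n/g;         # count lines written
    my $bad    = join(',', malformed_lines($record)) || 'none';
    printf "%-12s %d line(s) written, malformed line(s): %s\n",
        "$label:", $lines, $bad;
}
```

The same malformed_lines check can be run over the content of an existing board .txt file to find records that were split before the fix was applied.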

