Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] MHL-2006-003 Public Advisory: "mboard" file creation i

from [Mayhemic Labs Security] Network Security [Permanent Link]
Subject: [Full-disclosure] MHL-2006-003 Public Advisory: "mboard" file creation issue
Date: Sun, 26 Nov 2006 22:33:12 -0500 
MHL-2006-004 - Public Advisory

+-----------------------------------------------------------+
|                mboard Security Issue                      |
+-----------------------------------------------------------+


PUBLISHED ON
  November 26th, 2006


PUBLISHED AT
  http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt
  http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004


PUBLISHED BY
  Mayhemic Labs
  http://www.mayhemiclabs.com

  security AT mayhemiclabs DOT com
  GPG key: 0x56143F84


APPLICATION
  MBoard - PHP message board
  http://www.phpjunkyard.com/php-message-board.php

  "MBoard is a PHP message board script (a simple forum)."


AFFECTED VERSIONS
  Versions 1.22 and below


ISSUES
  MBoard does not check the Post ID for malicious data when replying,
  allowing an attacker to create blank files on the system wherever
  the web server has write access.

  Example: An attacker can reply to a message, and edit the "orig_id"
  variable to something malicious ("../../../../../../tmp/ZOMGHAX")
  mboard will then create the specified file (appending the
  configured extension.

WORKAROUNDS
        Enabling Magic Quotes will negate the issue.


SOLUTIONS
        Upgrade to version 1.3


REFERENCES
        MBoard - http://www.phpjunkyard.com/php-message-board.php


TIMELINE
        October 11th, 2006
                Vendor/Developer Notified
                Vendor/Developer Response Recieved

        October 25th, 2006
                Vendor/Developer Followup
                Vendor/Developer Response Recieved
                
        November 16th, 2006
                Vendor/Developer Followup

        November 18th, 2006
                New Version Released
                
        November 26th, 2006
                Advisory Released

                                
ADDITIONAL CREDIT
  N/A

LICENSE
  Creative Commons Attribution-ShareAlike License
  http://creativecommons.org/licenses/by-sa/2.5

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] MHL-2006-003 Public Advisory: "mboard" file creation issue, Mayhemic Labs Security <=
Previous by Date:  [Full-disclosure] [ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen
Next by Date:  [Full-disclosure] The state of JavaScript Hacking, pdp (architect)
Previous by Thread:  [Full-disclosure] [ GLSA 200611-21 ] Kile: Incorrect backup file permission, Sune Kloppenborg Jeppesen
Next by Thread:  [Full-disclosure] The state of JavaScript Hacking, pdp (architect)
Indexes:  [Date] [Thread] [Top] [All Lists]