OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: Ultimate Bulletin Board v5.3x? Bug

Re: Ultimate Bulletin Board v5.3x? Bug

Subject: Re: Ultimate Bulletin Board v5.3x? Bug
From: .rain.forest.puppy. (rfpWIRETRIP.NET)
Date: Tue Nov 30 1999 - 20:29:44 CST

> There seems to be a bug with the UBB under NT

Actually, I would say the bug was a poor choice of extension on UBB's
part.

On NT, you most likely have mapped the .cgi extension to invoke perl to
handle the script; so when you request 000001.cgi, perl is actually
running and trying to read it. This is actually similar to the %20.pl bug
published, wow, like a year ago? More than that? I remember Mr. Cooper
over on his list talking about it.

The reason why Apache/unix gives you a 500 error is lack of the shebang
(#!/path/to/interpreter) line at the beginning, and also because the
script doesn't return proper headers. If Apache was just as lax as IIS,
you would get the same result.

Granted, since those files contain passwords, they shouldn't even be
readable by the webserver, but it's a catch-22. And the fact that they
contain plaintext passwords is un-nerving.

> How to fix? change the members path to something more like
> xvc83nx9wy4nd0w74m3. That will solve it.

Until someone guesses the path. Security through obscurity. It won't
hurt, but don't put faith in the "that will solve it" schpeil.

- rain forest puppy

This archive was generated by hypermail 2b27 : Wed Dec 01 1999 - 14:39:14 CST