[Full-disclosure] STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload vulnerability
From: SSR Team (advisorystgsecurity.com)
Date: Sun Aug 14 2005 - 12:08:41 CDT
-----BEGIN PGP SIGNED MESSAGE-----
STG Security Advisory: [SSA-20050812-27] Discuz! arbitrary script upload
Date Published: 2005-8-12 (KST)
Last Update: 2005-8-12 (KST)
Disclosed by SSR Team (advisorystgsecurity.com)
Discuz! is one of the famous web forum applications in China. Because of an
input validation flaw, malicious attackers can run arbitrary commands with
the privilege of the HTTPD process, which is typically run as the nobody user.
Implementation Error: Input validation flaw
High: arbitrary command execution.
Discuz! 4.0.0 rc4 and prior.
Vendor Status: NOT Fixed
2005-7-24 Vulnerability found.
2005-7-25 Vendor (infocomsenz.com) notified.
2005-8-12 Official release.
Discuz! does not properly check for multiple extensions in the names of
uploaded files, so malicious attackers can upload a file with multiple
extensions such as attach.php.php.php.php.rar to a web server.
This can be exploited to run arbitrary commands with the privilege of the
HTTPD process, which is typically run as the nobody user.
Exclude the rar extension from the extension list for attached files on an
administration page and wait for the release of an official patch.
Jeremy Bae at STG Security
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----
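The multiple-extension check the advisory says is missing, as an added example that is not part of the original advisory and is not Discuz! code: a PHP upload filter that inspects every dot-separated segment of the file name rather than only the last one, and stores accepted files under a generated name. The function names and both extension lists are assumptions made for illustration.

```php
<?php
// Added example, not Discuz! code. Names and lists below are assumptions.

// Extensions an administrator allows for attachments (constructed sample list).
const ALLOWED_FINAL_EXT = ['rar', 'zip', 'txt', 'jpg', 'png', 'gif'];

// Segments a web server may map to a script handler (constructed, not exhaustive).
const SCRIPT_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'pl', 'cgi', 'asp', 'jsp', 'shtml'];

/** Returns null if the name is acceptable, otherwise the reason for rejection. */
function attachment_name_problem(string $name): ?string
{
    if (preg_match('/[\x00-\x1f]/', $name)) {
        return 'control characters in name';
    }
    // Drop any client-supplied path, then split on every dot.
    $base = basename(str_replace('\\', '/', $name));
    $segments = array_map('strtolower', explode('.', $base));
    array_shift($segments);                 // remove the stem, keep all extensions
    if ($segments === []) {
        return 'no extension';
    }
    $final = end($segments);
    if (!in_array($final, ALLOWED_FINAL_EXT, true)) {
        return "final extension '$final' is not allowed";
    }
    // The step a last-extension-only check skips: look at the inner segments too.
    foreach ($segments as $seg) {
        if (in_array($seg, SCRIPT_EXT, true)) {
            return "script extension '$seg' inside the name";
        }
    }
    return null;
}

/** Name to store on disk: random stem plus the single validated extension. */
function stored_name(string $name): string
{
    $parts = explode('.', strtolower(basename(str_replace('\\', '/', $name))));
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample names; the second is the file name quoted in the advisory.
foreach (['notes.rar', 'attach.php.php.php.php.rar', 'photo.PHTML.jpg', 'archive.tar'] as $n) {
    $why = attachment_name_problem($n);
    $verdict = ($why === null) ? 'accept as ' . stored_name($n) : "reject: $why";
    echo str_pad($n, 30), $verdict, "\n";
}
```

Storing the file under a generated name means the client-supplied inner extensions never reach the file system, so the outcome does not depend on how the web server maps multi-extension names to handlers.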
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/