Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2000-0853

Publish Date: 10 Sep 2000

                							

                source: http://www.securityfocus.com/bid/1668/info

YaBB.pl, a web-based bulletin board script, stores board postings in numbered text files. The numbered file name is specified in the call to YaBB.pl in the variable num=&lt;file&gt;. Before retrieving the file, YaBB will append a .txt extension to &lt;file&gt;.

Due to input validation problems in YaBB, relative paths can be specified in &lt;file&gt;. This includes ../ style paths.

Additionally, &lt;file&gt; does not need to be numerical, and the .txt extension can be avoided by appending %00 to &lt;file&gt;.

By exploiting these problems in a single request, a malicious user can view any file that the webserver has access to.

http://www.my_target.com/cgi-bin/YaBB.pl?board=news&amp;action=display&amp;num=../../../../../../../../etc/passwd%00

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

YaBB 9.1.2000 - Arbitrary File Read

Vulmon Search

About

Products

Connect