SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
BID:12149
Info
SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
| Bugtraq ID: | 12149 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 03 2005 12:00AM |
| Updated: | Jan 03 2005 12:00AM |
| Credit: | Discovery credited to Jeremy Bae at STG Security. |
| Vulnerable: |
SIR GNUBoard 3.40 SIR GNUBoard 3.39 SIR GNUBoard 3.38 SIR GNUBoard 3.37 SIR GNUBoard 3.36 SIR GNUBoard 3.35 SIR GNUBoard 3.34 SIR GNUBoard 3.33 SIR GNUBoard 3.32 SIR GNUBoard 3.31 SIR GNUBoard 3.30 |
| Not Vulnerable: | |
Discussion
SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
SIR GNUBoard does not properly validate file extensions of uploaded files. This could allow a remote user to upload malicious script files to the Web site running GNUBoard. These scripts could potentially be executed in the browser of a user visiting the site.
SIR GNUBoard does not properly validate file extensions of uploaded files. This could allow a remote user to upload malicious script files to the Web site running GNUBoard. These scripts could potentially be executed in the browser of a user visiting the site.
Exploit / POC
SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
An exploit is not required. This issue can be leveraged by changing the case of the file extension of a script file. For example files with .php, .cgi, .htm, and .pl extensions would be blocked, but files with .pHp, .cgI, .Htm, and .PL extensions would not.
An exploit is not required. This issue can be leveraged by changing the case of the file extension of a script file. For example files with .php, .cgi, .htm, and .pl extensions would be blocked, but files with .pHp, .cgI, .Htm, and .PL extensions would not.
Solution / Fix
SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SIR GNUBoard File Upload Extension Restriction Bypass Vulnerability
References:
References: