BID:13277

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

Info

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

Bugtraq ID:	13277
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2005 12:00AM
Updated:	Apr 20 2005 12:00AM
Credit:	James Bercegay is credited with the discovery of this issue.
Vulnerable:	AZ Bulletin Board AZbb 1.0.7 c AZ Bulletin Board AZbb 1.0.7 b AZ Bulletin Board AZbb 1.0.7 a

Not Vulnerable:	AZ Bulletin Board AZbb 1.0.8

Discussion

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

A remote directory traversal vulnerability affects AZ Bulletin Board. This issue is due to a failure of the application to sanitize user-supplied data prior to using it to access the host computer's file system.

An attacker may leverage this issue to reveal the existence of arbitrary files on an affected computer.

Exploit / POC

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

No exploit is required to leverage this issue.

Solution / Fix

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

Solution:
The vendor has released an upgrade dealing with this issue.

AZ Bulletin Board AZbb 1.0.7 a

AZ Bulletin Board AZBB 1.0.08
http://azbb.cyaccess.com/azbb.php?1091872271

AZ Bulletin Board AZbb 1.0.7 b

AZ Bulletin Board AZBB 1.0.08
http://azbb.cyaccess.com/azbb.php?1091872271

AZ Bulletin Board AZbb 1.0.7 c

AZ Bulletin Board AZBB 1.0.08
http://azbb.cyaccess.com/azbb.php?1091872271

References

AZ Bulletin Board Attachment Parameter Remote Directory Traversal Vulnerability

References:

AZbb Change Log (AZ Bulletin Board)
AZbb Home Page (AZ Bulletin Board)
Multiple Security Issues Found In AZBB ("GulfTech Security Research" )