Multiple Tor World CGI Scripts Remote Script Execution Vulnerability

Bugtraq ID:	31105
Class:	Input Validation Error
CVE:	CVE-2008-4076
Remote:	Yes
Local:	No
Published:	Sep 10 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc
Vulnerable:	Tor World Tor Board 1.3 Tor World Topics BBS 1.11 Tor World Simple BBS 1.86 Tor World Interactive BBS 1.57
Not Vulnerable:

Multiple Tor World CGI Scripts Remote Script Execution Vulnerability

Multiple Tor World CGI scripts are prone to a remote script-execution vulnerability because the software fails to adequately sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the affected applications and possibly the underlying system; other attacks are also possible.

The following applications are vulnerable:

Simple BBS 1.86 and prior
Interactive BBS 1.57 and prior
Topics BBS 1.11 and prior
Tor Board 1.3 and prior

Multiple Tor World CGI Scripts Remote Script Execution Vulnerability

An attacker can exploit this issue via a browser.

Multiple Tor World CGI Scripts Remote Script Execution Vulnerability

Solution:
The vendor has released updates. Please see the references for more information.

Multiple Tor World CGI Scripts Remote Script Execution Vulnerability

References:

• Tor World Homepage (Tor World)
  
• JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execu (JVN)
  
• Tor World Advisory 2008/09/05 (Tor World)