Bugtraq mailing list archives
Re: Ikonboard v2.1.7b "show files" vulnerability
From: Darren Mobley <decker () n3t net>
Date: Mon, 12 Mar 2001 05:27:38 -0500
Version 2.16b is vulnerable to this attack as well. My fix for this was to simply insert as line 45:

    # refuse any help file name that contains ".."
    if($inhelpon =~ /\.\./) { &hackdetected; }

then at the bottom append:

    sub hackdetected {
        print "Content-type: text/plain\n\n";
        print "sorry, this hole was patched :)\n";
        print "you have been logged.\n";
        exit;
    }

Of course you could change this to whatever.. All of the valid helpfiles should be in the same directory as help.cgi, so this *should* work..

-darren

----------------------------------
E-Mail: decker () n3t net
http://n3t.net
"Finem Respice"
----------------------------------
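Added example (not part of the original post and not Ikonboard code): since the post says every valid help file sits in one directory, the requested name can be checked against an allow-list and resolved inside that directory, which also covers absolute paths, NUL bytes and symlinks that a ".." match does not look at. The function name safe_help_path, the help directory argument and the sample file names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Ikonboard code. Assumption: the help topic arrives as a
# bare file name and every valid help file sits directly in one directory.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Return the resolved path of a help file, or nothing if the name is refused.
sub safe_help_path {
    my ($help_dir, $name) = @_;
    return unless defined $name;

    # Allow-list: letters, digits, '_' and '-', plus one optional extension.
    # Rejects '/', '\', '..', leading dots, NUL bytes and empty names.
    # \A and \z anchor the whole string; '$' would accept a trailing newline.
    return unless $name =~ /\A[A-Za-z0-9_-]{1,64}(?:\.[A-Za-z0-9]{1,8})?\z/;

    my $base = realpath($help_dir);
    return unless defined $base;
    my $candidate = "$base/$name";
    return unless -f $candidate;          # must exist and be a regular file

    # Resolve symlinks and confirm the target is still inside the help directory.
    my $full = realpath($candidate);
    return unless defined $full && index($full, "$base/") == 0;
    return $full;
}

# Constructed demo: a temporary help directory holding one sample file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', "$dir/posting.dat") or die "cannot create sample file: $!";
print {$fh} "sample help text\n";
close($fh);

# Constructed request values: one valid name, then names that must be refused.
my @requests = ('posting.dat', '../../etc/passwd', '/etc/passwd',
                "posting.dat\0.txt", '.htaccess', 'missing.dat');
for my $name (@requests) {
    my $path    = safe_help_path($dir, $name);
    my $verdict = defined($path) ? 'served' : 'rejected';
    (my $shown = $name) =~ s/\0/\\0/g;    # make the NUL byte visible in output
    printf "%-22s %s\n", $shown, $verdict;
}
```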
Current thread:
- Ikonboard v2.1.7b "show files" vulnerability Martin J. Muench (Mar 12)
- Re: Ikonboard v2.1.7b "show files" vulnerability Darren Mobley (Mar 12)