+++ to secure your transactions use the Bitcoin Mixer Service +++

 

We need Your Support. Make a Donation now! or Buy Me A Coffee

Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ikonboard v2.1.7b "show files" vulnerability

From: Darren Mobley <decker () n3t net>
Date: Mon, 12 Mar 2001 05:27:38 -0500
Version 2.16b is vulnerable to this attack as well.

My fix for this was to simply insert as line 45:

if($inhelpon =~ /\.\./) { &hackdetected; }

then at the bottome append:

sub hackdetected {
print "Content-type: text/plain\n\n";
print "sorry, this hole was patched :)\n";
print "you have been logged.\n";
exit;
}

Ok course you could change this to whatever..

All of the valid helpfiles should be in the same directory as help.cgi,
so this *should* work..

-darren
----------------------------------
E-Mail: decker () n3t net
http://n3t.net
"Finem Respice"
----------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: