Advisories : UltraBoard cgi directory permission problem

main menu

- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news

discussions

- read forum
- new topic
- search

meetings

- meetings list
- recent additions
- add your info

top 100 sites

- visit top sites
- sign up now
- members

webmasters

- add your url
- add domain
- search box
- link to us

projects

- our projects
- free email

m4d network

- security software
- secureroot
- m4d.com

Home : Advisories : UltraBoard cgi directory permission problem

Title:	UltraBoard cgi directory permission problem
Released by:	mat@hacksware.com
Date:	12th January 2001
Printable version:	Click here

   Hacksware Bug Report



1. Name: UltraBoard cgi directory permission problem

2. Release Date: 2001.1.12

3. Affected Application:

 UltraBoard 2000 Personal Edition

 Version 2.11

 http://www.ub2k.com/downloads/UB211PEB1.zip

4. Author: mat@hacksware.com

5. Type: Configuration Error

6. Explanation

 In default installation, following Directories below ub2k cgi installtion directory have 777 permission.

  ./Private/Skins

  ./Private/Database

  ./Private/Backups

 You can add some cgi scripts to theses directories and can gain webserver uid.

7. Exploits

 Refer to Explation.

8. Solution

 chmod 755 `find  -perm 777`

  ub2k cgi directory: the directory where you installed ub2k cgi files.



=================================================

|               mat@hacksware.com               |

|             http://hacksware.com              |

=================================================