bbs_forum.cgi Directory Traversal

vendor:

bbs_forum.cgi

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: bbs_forum.cgi

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: CVE-2001-0206

CPE: a:extropia:bbs_forum:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2001

bbs_forum.cgi Directory Traversal

bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It fails to properly validate user-supplied, URL-encoded input to the read environment variable. Maliciously-formed URLs submitted to the script may contain references to files on the host's filesystem, as well as shell commands which will be run with the privilege level of the webserver. As a result, unpatched affected versions of the script permit an attacker to execute arbitrary code and to read arbitrary files on the vulnerable system.

Mitigation:

Upgrade to the latest version of bbs_forum.cgi

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2177/info

bbs_forum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums.

Version 1.0 of bbs_forum.cgi fails to properly validate user-supplied, URL-encoded input to the read environment variable. Maliciously-formed URLs submitted to the script may contain references to files on the host's filesystem, as well as shell commands which will be run with the privilege level of the webserver (ie, user 'nobody'). As a result, unpatched affected versions of the script permit an attacker to execute arbitrary code and to read arbitrary files on the vulnerable system. 

www.web*site.com/cgi-bin/bbs_forum.cgi?forum=<forum_name>&read=../../../../../../etc/hosts.allow

note: The section: <forum_name> must be a valid forum on the webserver.