Vendor: UltraBoard
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Type: Directory Traversal
CWE: 22
Product Name: UltraBoard
Affected Version From: 1.6
Affected Version To: 1.x
Patch Exists: NO
Related CWE: N/A
CPE: a:ultraboard:ultraboard
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

UltraBoard 1.6 Directory Traversal Vulnerability

UltraBoard 1.6 (and possibly all 1.x versions) is vulnerable to a directory traversal attack that will allow any remote browser to download any file that the webserver has read access to. On Windows installations, the file must reside on the same logical drive as the webroot. In all cases, the filename and relative path from the webroot must be known to the attacker. This is accomplished through a combination of the '../' string and the usage of a null byte (x00) in the variables passed to the UltraBoard CGI.

Mitigation:

Ensure that the web server is configured to deny access to files outside of the web root directory.
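
As an added example (not UltraBoard's code, which is Perl, and not part of the advisory), this is one way an application can refuse both ingredients described above, the '../' sequence and the null byte, before a request parameter is used as a file name. The post-id format, the `.txt` suffix and the data directory path are assumptions made for illustration.

```python
import os
import re
from urllib.parse import unquote

# Assumption (hypothetical format): a post id is a short alphanumeric token.
POST_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


class RejectedParameter(ValueError):
    """The parameter must not be turned into a file name."""


def resolve_post_file(data_root, raw_post, suffix=".txt"):
    """Map a raw 'Post' query value to a file under data_root, or raise."""
    value = unquote(raw_post)  # decode once, so %00 and %2e%2e%2f become visible
    # In C-backed file APIs a NUL terminates the name, so anything appended
    # after it (such as the suffix) is silently dropped.
    if "\x00" in value:
        raise RejectedParameter("NUL byte in parameter")
    # Allow-list instead of stripping '../': dots, slashes, backslashes and
    # a leftover '%' from double encoding all fail this match.
    if not POST_ID.fullmatch(value):
        raise RejectedParameter("parameter is not a plain post id")
    # Defence in depth: resolve symlinks and confirm the result stays inside.
    root = os.path.realpath(data_root)
    candidate = os.path.realpath(os.path.join(root, value + suffix))
    if os.path.commonpath([root, candidate]) != root:
        raise RejectedParameter("path escapes data directory")
    return candidate


def verdict(data_root, raw_post):
    """Return 'ok' or the rejection reason, e.g. for logging."""
    try:
        resolve_post_file(data_root, raw_post)
        return "ok"
    except RejectedParameter as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample values, not taken from real traffic.
    for sample in ["1024", "../../filename.ext%00", "..%2f..%2ffilename.ext",
                   "%252e%252e%252ffilename.ext"]:
        print(f"{sample!r}: {verdict('/srv/ultraboard/data', sample)}")
```
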
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1164/info

http://target/ultraboard.pl?action=PrintableTopic&Post=../../filename.ext\000