SecurityTracker.com
Category:  Application (Forum/Board/Portal)  >  Invision Power Board
Vendors:  Invision Power Services
Invision Power Board Configuration File Permission Flaw Lets Local Users Inject Malicious Code
SecurityTracker Alert ID:  1007827
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 28 2003
Impact:  Execution of arbitrary code via local system, Modification of user information, User access via local system
Exploit Included:  Yes
Version(s): 1.1.1
Description:  f3rm0r of Media Assasins reported a file permission vulnerability in Invision Power Board. A local user can modify a global configuration file.

It is reported that on Linux/UNIX systems, a local user can overwrite or modify the 'conf_global.php' file. This file is included by all forum sections, the report said. Therefore, code contained in the file is executed when a target user views any section of the forum.

A local user can include malicious PHP commands in the file and then execute them with the privileges of the web server process. A local user can also include malicious scripting code that will be executed by a target user's browser when the target user views the forum.

Impact:  A local user can modify a forum configuration file. The local user can insert malicious code that will be executed on the target server with the privileges of the web server or malicious scripting code that will be executed on a target user's browser when the target user views any section of the forum.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.invisionboard.com/
Cause:  Configuration error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  f3rm0r [Media Assasins] <f3rm0r@rootthief.com>
Message History:   None.
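The check a defender would want for the condition described above, as an added example that is not from the advisory, the reporter or Invision Power Services: a POSIX shell audit that lists world-writable regular files under a web root and strips the other-write bit from a configuration file such as conf_global.php. The forum tree the demo builds under mktemp is constructed here; the file name and the weak 666 mode are taken from the report.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a web root for world-writable
# files and remediate the configuration-file permission the report describes.
# Uses only POSIX find(1)/chmod(1); -perm -0002 means "other write bit set".

# Print every regular file below the web root ($1) that any local user can write.
find_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Count those files, trimmed of the padding some wc(1) implementations add.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d '[:space:]'
}

# Return 0 (true) if the single file $1 is world-writable, 1 otherwise.
# -prune stops find descending in case $1 is a directory.
is_world_writable() {
    [ -n "$(find "$1" -prune -type f -perm -0002 -print 2>/dev/null)" ]
}

# Remediation: remove write access for "other". Owner/group bits are left
# alone so the web server account that legitimately owns the file still works.
harden_config() {
    chmod o-w "$1"
}

# Demonstration on a constructed temporary forum tree: reproduce the weak
# permission, audit, fix, audit again. Prints "<count before> <count after>".
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/forums"
    # Constructed stand-in for the real conf_global.php contents.
    printf '<?php $INFO["sql_host"] = "localhost"; ?>\n' > "$root/forums/conf_global.php"
    chmod 666 "$root/forums/conf_global.php"   # the world-writable mode the report describes
    before=$(count_world_writable "$root")
    harden_config "$root/forums/conf_global.php"
    after=$(count_world_writable "$root")
    rm -rf "$root"
    echo "$before $after"
}
```

Run `find_world_writable /path/to/public_html` on a real install to list candidates; any PHP file the application includes on every request (conf_global.php is the one named here) is the first to fix. The audit is read-only; only `harden_config` changes the filesystem.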


Source Message Contents

Date:  Sat, 27 Sep 2003 12:31:51 -0700 (PDT)
From:  f3rm0r [Media Assasins] <f3rm0r@rootthief.com>
Subject:  Invision Power Board Vul.

 


Vendor URL: http://www.invisionboard.com/
Discovered by: f3rm0r of Media Assasins (rootthief.com)
__________
I have found a vulnerability in Invision Power Board.

The configuration file conf_global.php allows write access to the world.
So a local user would be able to write to the file, ex:

echo Media Assasins loves you >> /home/loser/public_html/forums/conf_global.php
It would then be in the file conf_global.php

The reason this is bad is because when you write to that file, whatever
you write will show up on every section of the forum (index, threads,
etc.)
_____________
(http://www.rootthief.com/)
f3rm0r@rootthief.com
Media Assasins


greetz,
f3rm0r[Media Assasins]


 








Copyright 2002, SecurityGlobal.net LLC