OSVDB ID: 3861

Title: DCForum dcboard.cgi az Hidden Field Remote Execution

Dates

Disclosure: Mar 31, 2003
Discovery: Unknown
Exploit: Apr 16, 2001
Solution: Unknown

Description

DCForum contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the dcboard.cgi file not properly sanitizing the "az=" hidden field. If an attacker changes this field to include an arbitrary file containing Perl commands, those commands will be executed by the vulnerable server during script processing.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, DCScripts.com has released a patch to address this vulnerability.

Products

DCScripts DCForum 2000 1.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/3861