Plugin ID | 17 |
Plugin name | AtomicBoard prior 0.9.42 Directory Traversal |
Plugin filename | AtomicBoard prior 0.9.42 Directory Traversal.plugin |
Plugin filesize | 3483 bytes |
Plugin family | CGI |
Plugin created name | Marc Ruef |
Plugin created email | marc dot ruef at computec dot ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2003/11/13 |
Plugin updated name | Marc Ruef |
Plugin updated email | marc dot ruef at computec dot ch |
Plugin updated web | http://www.computec.ch |
Plugin updated company | computec.ch |
Plugin updated date | 2004/11/13 |
Plugin version | 2.0 |
Plugin changelog | Changed the Vulnerability Class into Directory Traversal and also the plugin name in version 1.3. Enhanced the solution in version 1.4. Corrected the plugin structure and added the accuracy values in 1.5. Improved the pattern matching and added the changelog in 2.0 |
Plugin protocol | tcp |
Plugin port | 80 |
Plugin procedure exploit | open|send /atomicboard/index.php?location=../../../../../../../../../../../../../../../etc/passwd HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *root:* |
Plugin exploit accuracy | 99 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | gr00vy |
Bug published date | 2003/07/25 |
Bug produced name | AtomicBoard Team |
Bug produced web | http://cal007300.student.utwente.nl/atomicboard/ |
Bug affected | AtomicBoard prior 0.9.42 |
Bug not affected | AtomicBoard 0.9.42 and newer |
Bug vulnerability class | Directory Traversal |
Bug description | The AtomicBoard is a set of PHP scripts. These provide the functionality of a web board. There is the possibility to read arbitrary files on the host by supplying a filename to the 'location' argument of the file index.php. |
Bug solution | Do not use Atomic Board yet. The developer does not recommend the use of Atomic Board in production systems. The project has been stopped. Or you habe to upgrade to AtomicBoard 0.9.42. Then also limit unwanted connections and communications with firewalling if possible. |
Bug fixing time | 30 minutes |
Bug exploit availability | Yes |
Bug exploit url | http://www.securityfocus.com/bid/8236/exploit/ |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 7 |
Bug simplicity | 7 |
Bug impact | 8 |
Bug risk | 7 |
Bug Nessus risk | Serious |
Bug check tools | Nessus is able to do the same check. |
Source SecurityFocus BID | 8236 |
Source Secunia ID | 9355 |
Source Nessus ID | 11795 |
Source Literature | Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427 |
Source Misc. | http://secunia.com/product/1906/ |