Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Invision Power Board Configuration File Permission Flaw Lets Local Users Inject Malicious Code |
|---|
Categorie: Vulnerability
Posted: 2003-09-30 by ReCall
Views: 418
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: f3rm0r of Media Assasins reported a file permission vulnerability in Invision Power Board. A local user can modify a global configuration file.
It is reported that on Linux/UNIX systems, a local user can overwrite or modify the 'conf_global.php' file. This file is included by all forum sections, the report said. Therefore, code contained in the file is executed when a target user views any section of the forum.
A local user can include malicious PHP commands in the file and then execute them with the privileges of the web server process. A local user can also include malicious scripting code that will be executed by a target user's browser when the target user views the forum.
Impact: A local user can modify a forum configuration file. The local user can insert malicious code that will be executed on the target server with the privileges of the web server or malicious scripting code that will be executed on a target user's browser when the target user views any section of the forum.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=487
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
