• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

YaBB Forum Profile CRLF Injection Remote Privilege Escalation Vulnerability

YaBB Forum is prone to a remote privilege-escalation vulnerability because the application fails to properly sanitize user-supplied input before writing it to a configuration file.

Successfully exploiting this issue allows remote attackers to gain administrative privileges in the web application and to execute arbitrary Perl script code in the context of the hosting webserver. This may facilitate the remote compromise of affected computers.

YaBB Forum 2.1 is vulnerable to this issue; other versions may also be affected.