Ikonboard Remote File Disclosure Vulnerability

Solution:
From "Martin J. Muench" <muench@gmc-online.de>:

You could fix the script temporary by inserting the following line under line 45 in 'help.cgi':

$inhelpon =~ s/\///g;

From decker@n3t.net:

My fix for this was to simply insert as line 45:

if($inhelpon =~ /\.\./) { &hackdetected; }

then at the bottome append:

sub hackdetected {
print "Content-type: text/plain\n\n";
print "sorry, this hole was patched :)\n";
print "you have been logged.\n";
exit;
}



 

Privacy Statement
Copyright 2010, SecurityFocus