DCForum 'AZ' Field Remote Command Execution Vulnerability
DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.
All versions of DCForum are vulnerable to remote execution of arbitrary commands.
DCForum fails to properly validate user-supplied input to the script. By inserting shell commands in submitted querystrings, an attacker can cause the script to open and parse commands in an external file on the target system.
By supplying a long path (containing '/../' sequences) an attacker can force the script to open a file from arbitrary locations on the filesystem. Commands in this file will be executed with the privilege level of the webserver - usually 'nobody'.