Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:806 |
Message | WEB-CGI yabb directory traversal attempt |
Summary | This event is generated when an attempt is made to access a file outside the root directory of a webserver running YaBB.cgi. |
Impact | Information disclosure. |
Detailed Information | YaBB.cgi is a widely used web-based BBS script. Due to insufficient input validation in YaBB, a remote attacker can traverse the directory structure and read any file that the webserver process has access to. This event indicates that a remote attacker has attempted to view a file outside the webserver's root directory. |
Affected Systems | YaBB YaBB 9.1.2000 |
Attack Scenarios | An attacker issues the following command on port 80 of the webserver: GET http://target/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/passwd%00 HTTP/1.0 |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Update to the latest non-affected version of the software. |
Additional References | |
Rule References | arachnids:462, bugtraq:1668, cve:2000-0853, nessus:10512 |
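Added example, not from Aanval or the YaBB project: a small Python checker that applies the same idea as this signature to raw HTTP request lines, flagging requests to a YaBB script whose query parameters carry a decoded `../` sequence or a null byte. The sample request lines are constructed; the first is the scenario from the entry above, and the double-decoding step is an assumption about evasion worth covering, not something the entry describes.

```python
import re
from typing import Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample request lines (not from the page). The first reproduces
# the Attack Scenario above; the third carries a double-encoded traversal.
SAMPLE_REQUESTS = [
    "GET http://target/cgi-bin/YaBB.pl?board=news&action=display&num=../../../../../../../../etc/passwd%00 HTTP/1.0",
    "GET /cgi-bin/YaBB.pl?board=news&action=display&num=1001 HTTP/1.0",
    "GET /cgi-bin/YaBB.cgi?board=general&action=display&num=%252e%252e%252fetc%252fpasswd HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

# A ".." path component delimited by "/" or "\" (or at either end of the value).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def _decode(value: str, rounds: int = 2) -> str:
    """URL-decode repeatedly so a double-encoded %252e%252e becomes '..'."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def inspect_request(line: str) -> Optional[dict]:
    """Return a finding for a YaBB request carrying traversal or a null byte, else None."""
    parts = line.split()
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])  # handles both "/cgi-bin/..." and "http://host/cgi-bin/..."
    if "/yabb" not in url.path.lower():  # only the YaBB.pl / YaBB.cgi scripts are of interest
        return None
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = _decode(raw)  # parse_qsl already decoded once; catch a second layer
        indicators = []
        if TRAVERSAL.search(value):
            indicators.append("traversal")
        if "\x00" in value:
            indicators.append("null_byte")
        if indicators:
            return {"param": name, "value": value, "indicators": indicators}
    return None


def scan(lines) -> list:
    """Run inspect_request over many request lines and collect the findings."""
    return [f for f in (inspect_request(l) for l in lines) if f is not None]
```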
--
DID:224781