Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: hack7195.htm

JSBoard file disclosure vuln
STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure vulnerability

STG Security Advisory: [SSA-20050120-22] JSBoard file disclosure

Revision 1.0
Date Published: 2005-01-20 (KST)
Last Update: 2005-01-20 (KST)
Disclosed by SSR Team ( 

JSBoard is one of widely used web BBS applications in Korea. Because of an
input validation flaw, a malicious attacker can read arbitrary files.

Vulnerability Class
Implementation Error: Input validation flaw

Medium : arbitrary file disclosure

Affected Products
JSBoard 2.0.9 and prior.

Vendor Status: FIXED
2004-12-31 Vulnerability found.
2004-12-31 JSBoard developer notified.
2005-01-02 Developer confirmed.
2005-01-02 Update version released.
2005-01-20 Official release.

PHP has a feature discarding the input values containing null characters
when magic_quotes_gpc = off. Because JSBoard session.php doesn't sanitize
$table variable, a malicious attacker can read arbitrary files.

- ---
include_once "include/print.php";
$opt = $table ? "&table=$table" : "";
$opts = $table ? "?table=$table" : "";
- ---

Proof of Concept
A local web proxy (e.g., Achilles) is required to prove the vulnerability.

http://[victim]/session.php?logins=true&m=logout&table=../../../../../../et c

Upgrade to 2.0.10 

Vendor URL

Jeremy Bae at STG Security

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH