VID 21292
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description UPB (Ultimate PHP Board) is vulnerable to an information disclosure vulnerability.
UPB is a freely available, open source PHP bulletin board for Unix, Linux, and Windows. By default, the files in its 'data_dir' (<upb-install-dir>/db) are served by the web server and can be retrieved remotely without authentication. These files (for example 'users.dat') contain private board member information, so an attacker can disclose that information with a direct HTTP request. This information could be used to launch further attacks against the affected server.

You can test manually by requesting the user data file under the board's install directory (the directory name varies by installation; '/upb/' and '/board/' are common), for example:
- http://[target]/upb/db/users.dat
- http://[target]/board/db/users.dat
A 200 response that returns the file contents (rather than an HTML error page) confirms the exposure.
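The manual test above, automated as an added example (this script is not part of the advisory or of UPB itself). It requests 'users.dat' under a list of assumed install directories and treats a 200 response with a non-HTML body as exposure; a 200 that returns an HTML page is treated as a custom error page, not as the data file. The directory names, the pass-through 'fetcher' hook and the sample body used in testing are assumptions/constructed, not taken from the advisory.

```python
"""Check whether a UPB install serves its db/ data files to anonymous clients."""
import sys
import urllib.error
import urllib.request

# Assumed install directory names; the advisory's test URLs use /upb/ and /board/.
DEFAULT_DIRS = ("upb", "board")
# The advisory names users.dat as the file holding member information.
DATA_FILES = ("users.dat",)


def candidate_urls(target, dirs=DEFAULT_DIRS, files=DATA_FILES):
    """Build the URLs to probe: <target>/<dir>/db/<file> for every combination."""
    base = target.rstrip("/")
    return [f"{base}/{d}/db/{f}" for d in dirs for f in files]


def looks_exposed(status, content_type, body):
    """Heuristic verdict on one response.

    Exposed means: HTTP 200, a non-empty body, and the body is not HTML.
    Many hosts answer unknown paths with a 200 HTML page, which would otherwise
    produce a false positive; a real users.dat is a flat data file, not HTML.
    """
    if status != 200 or not body or not body.strip():
        return False
    if "text/html" in (content_type or "").lower():
        return False
    head = body.lstrip()[:15].lower()
    if head.startswith(b"<!doctype") or head.startswith(b"<html"):
        return False
    return True


def fetch(url, timeout=10):
    """Fetch up to 4 KiB of a URL; returns (status, content_type, body_bytes)."""
    req = urllib.request.Request(url, headers={"User-Agent": "upb-db-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Content-Type"), resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type"), b""
    except (urllib.error.URLError, OSError):
        return None, None, b""


def check_target(target, fetcher=fetch):
    """Probe every candidate URL; returns {url: exposed_bool}.

    'fetcher' is an assumed hook so the logic can be exercised offline.
    """
    return {url: looks_exposed(*fetcher(url)) for url in candidate_urls(target)}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: upb_db_check.py http://host")
    verdicts = check_target(sys.argv[1])
    for url, exposed in verdicts.items():
        print(("EXPOSED  " if exposed else "not found") + "  " + url)
    if any(verdicts.values()):
        print("Workaround: deny web access to db/ (.htaccess) or move data_dir "
              "outside the document root; upgrade to UPB 1.9.6 or later.")
```

The HTML check matters in practice: a board whose front controller rewrites every unknown path to an HTML page will answer 200 for the probe URL, and only the body shape tells you whether you received a data file or a decoy.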

* References:
http://www.osvdb.org/4928
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
http://archives.neohapsis.com/archives/bugtraq/2002-12/0071.html

* Platforms Affected:
MyUPB Ultimate PHP Board 1.9
MyUPB Ultimate PHP Board 1.8
MyUPB Ultimate PHP Board 1.7
MyUPB Ultimate PHP Board 1.6
MyUPB Ultimate PHP Board 1.5
Microsoft Windows Any version
Unix Any version
Recommendation Upgrade to version 1.9.6 or higher, which is reported to fix this vulnerability and is available from the MyUPB web site at http://www.myupb.com.

As a workaround, deny web access to the '/db/' directory with an ".htaccess" file, or modify the Ultimate PHP Board source so that 'users.dat' (and the rest of data_dir) is stored outside the web server's document root.
Related URL CVE-2002-2276 (CVE)
Related URL 6333 (SecurityFocus)
Related URL 10788 (ISS)