OSVDB ID: 10858

Title: S8Forum register.php Arbitrary Command Execution

Dates

Disclosure: Jun 05, 2003
Discovery: Nov 17, 2002
Exploit: Jun 05, 2003
Solution: Unknown

Description

S8Forum contains a flaw that allows a remote attacker to execute arbitrary commands. The 'register.php' script does not properly verify user-supplied input on submission. A remote attacker can pass arbitrary commands in the name, email, or password field, and these are then executed on the system, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Kelli Shaver S8Forum 3.0

References

Credit

  • NaSsEr .M.Sh - nmsh_sa@yahoo.com


Direct URL: http://osvdb.org/36218