Vulnerabilities > CVE-2001-0437 - Unspecified vulnerability in Dcscripts Dcforum and Dcforum 2000

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

dcscripts

nessus

NVD

Published: 2001-07-02

Updated: 2024-11-20

Summary

upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.

Vulnerable Configurations

Part	Description	Count
Application	Dcscripts Dcscripts Dcforum 2.0 Dcscripts Dcforum 1.0 Dcscripts Dcforum 3.0 Dcscripts Dcforum 5.0 Dcscripts Dcforum 6.0 Dcscripts Dcforum 4.0 Dcscripts Dcforum 2000 1.0	7

Nessus

NASL family	CGI abuses
NASL id	DCFORUM.NASL
description	The DCForum dcboard.cgi script is installed. This CGI has some well known security flaws, including one that lets an attacker execute arbitrary commands with the privileges of the web server.
last seen	2020-06-01
modified	2020-06-02
plugin id	10583
published	2000-12-29
reporter	This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10583
title	DCForum dcboard.cgi Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(10583); script_version ("1.33"); script_cve_id("CVE-2001-0436", "CVE-2001-0437"); script_bugtraq_id(2611); script_name(english:"DCForum dcboard.cgi Multiple Vulnerabilities"); script_summary(english:"Checks for the presence of /cgi-bin/dcforum"); script_set_attribute( attribute:"synopsis", value: "The remote web server is hosting a CGI known to have multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "The DCForum dcboard.cgi script is installed. This CGI has some well known security flaws, including one that lets an attacker execute arbitrary commands with the privileges of the web server." ); # https://web.archive.org/web/20020227074916/http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?92384774" ); script_set_attribute( attribute:"solution", value:"Remote this script from /cgi-bin." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2000/12/29"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/03/31"); script_cvs_date("Date: 2018/06/13 18:56:26"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc."); script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl"); script_require_ports("Services/www", 80); script_exclude_keys("Settings/disable_cgi_scanning"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); dirs = list_uniq(make_list('/dcforum', cgi_dirs())); foreach dir (dirs) { url = string( dir, "/dcforum.cgi?az=list&forum=../../../../../../../etc/passwd%00" ); r = http_send_recv3(method:"GET", item:url, port:port); if (isnull(r)) exit(0); if(egrep(pattern:".root:.:0:[01]:.*", string:r[2])) { security_hole(port); exit(0); } }

Summary

Vulnerable Configurations

Nessus

References