Vulnerabilities > CVE-2006-2318 - Input Validation vulnerability in IdealBB
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a ".asa" file, which bypasses the check for the ".asp" extension but is executable on the server. This vulnerability is addressed in the following product release: Ideal Science, Ideal BB, 1.5.4b
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | IBB_154B.NASL |
| description | The remote host is running Ideal BB, an ASP-based forum software. According to its banner, the version of Ideal BB installed on the remote host reportedly allows an attacker to upload files with arbitrary ASP code, to view files under the web root, and to launch SQL injection and cross-site scripting attacks. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21337 |
| published | 2006-05-11 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21337 |
| title | IdealBB < 1.5.4b Multiple Vulnerabilities (XSS, SQLi, Upload, Traversal) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html
- http://secunia.com/advisories/20035
- http://securityreason.com/securityalert/871
- http://www.idealscience.com/ibb/posts.aspx?postID=24415
- http://www.osvdb.org/25456
- http://www.securityfocus.com/archive/1/433248/100/0/threaded
- http://www.securityfocus.com/bid/17920
- http://www.vupen.com/english/advisories/2006/1729
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26353