[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : DCForum Major security issues

Title: DCForum Major security issues
Released by: cgisecurity.com
Date: 27th December 2000
Printable version: Click here
                        [Cgi Security Advisory #2]


                       DCForum Major security issues


November 16th 2000 


Vendor contacted


Vendor patch issued


Public release

November 2000

Script Effected: DCForum

Price: $69 Personal, $99 Commercial

Versions effected:

All versions of DCForum

1.0 - 6.0(Current)


UNIX, Linux, Windows NT, 

and Windows 2000





1. Impact

Any file can be read with the permissions of user nobody(or webserver)

Posible root comprimise in /dcforum/dcboard.cgi script.Command execution

is not allowed. (Read Only) This has only been tested on unix and linux

versions and is unknown if windows versions are effected.

2. Damage caused

It causes the deletion of dcboard.cgi if you ask it to view its own

source. Cause for this is unknown as of now since I do not have the 


For the above reason I cannot release the exploit itself at this point in

time. I would release it but it caused to much damage by "clicking on a

link". If it simply gave you passwd file that would be one thing but it

deleted data and perhaps more not know of yet.

3. Fixes

The vendor has been contacted about this serious security problem.

A patch was issued within 1 hour of the finding of this hole.

This vendor was quick to respond.


Below is a copy of the vendor patch as issued on there website.


1. DCForum Security Bug!!! Nov-14-00 01:44 AM 

        DCForum Security Alert!!! Affects all versions of DCForum.


        An anonymous user has reported a security alert. Please make this


        as soon as possible.

        FIX - In dcboard.cgi and dcadmin.cgi, after

        $r_in = \%in;


        $r_in->{'forum'} =~ s/\W//g;

        Please apply this patch as soon as possible.


Published to the Public November 2000

Copyright September 2000 Cgisecurity.com

(C) 1999-2000 All rights reserved.