|
|
| |
Discuz! - "popular web forum applications in China".
Due to input validation flaw, malicious attackers can cause the Discuz program to run arbitrary commands with the privilege of the HTTPD process. |
| |
Credit:
The information has been provided by SSR Team.
|
| |
Vulnerable Systems:
* Discuz! version 4.0.0 rc4 and prior
Discuz! doesn't properly check multiple extensions of uploaded files, allowing malicious attackers to upload a file with multiple extensions such as attach.php.php.php.php.rar to a web server.
This can be exploited to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
Workaround:
Exclude the RAR extension from the extension list for attached files on an administration page and wait the release of official patch.
Disclosure Timeline:
* 24.07.05 - Vulnerability found
* 25.07.05 - Vendor notified
* 12.08.05 - Official release
|
|
|
|
|
