JSBoard is "one of widely used web BBS applications in Korea". However, an input validation flaw in JSBoard allows a malicious attackers to run arbitrary commands with the privileges of the HTTPD process, which is typically run as the nobody user.
Credit:
The information has been provided by SSR Team.
Vulnerable Systems:
* JSBoard version 2.0.8 and prior
* JSBoard version JSBoard 1.3.11 and prior
Immune Systems:
* JSBoard version 2.0.9 or newer
* JSBoard version JSBoard 1.3.12 or newer
JSBoard doesn't implemented any type of check in "include/parse.php" for multiple extensions of uploaded files, e.g. attack.php.rar. Therefore, malicious attackers can upload arbitrary script files (PHP, pl, CGI, etc) to a web server. This is vulnerability is caused by Apache's MIME module (mod_mime), which regards attack.php.rar as a normal PHP file and execute the file through mod_php module with the privilege of the HTTPD process.
Disclosure Timeline:
2004-12-08 Vulnerability found
2004-12-08 JSBoard developer notified
2004-12-09 Update version released
2004-12-15 Official release
