Earlier today I had someone exploit a security hole in the help.cgi script that is distributed with Ikonboard. If called properly, the help.cgi will return the member files of any member, where of course, passwords are stored in plain text. All the user needs is the name of an admin (which can be easily obtained from the main page) to gain the admin's password. Once the user has the Admin's password, he can log in to the admin center with full access and wreak havoc on your board. Here is the patch I propose until the Ikonboard team (which has recently vanished) has a chance to provide an official patch:
if ($inhelpon =~ /members/) { die "HACKING ATTEMPT LOGGED $ENV{'REMOTE_ADDR'}"; }
Yes it's primitive and no it doesn't actually log the attempt, but it should protect your board from this exploit. This code should be placed on line 51 of help.cgi (right after the $inhelpon = &cleaninput($inhelpon); line).
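
An allowlist alternative to the substring check above, as an added example that is not part of the original post or of Ikonboard's code. It assumes `$inhelpon` names a help file; the directory layout, the `.txt` naming and `resolve_help_topic` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Map a requested help topic to a file inside $help_dir, or return undef.
# Assumption: help topics are flat files named "<topic>.txt" in one directory.
sub resolve_help_topic {
    my ($help_dir, $topic) = @_;
    return unless defined $topic;

    # Allowlist: letters, digits, underscore, hyphen; no dots or separators.
    return unless $topic =~ /\A[A-Za-z0-9_-]{1,32}\z/;

    my $base = abs_path($help_dir);
    return unless defined $base;
    my $candidate = File::Spec->catfile($base, "$topic.txt");
    return unless -f $candidate;

    # Resolve symlinks and confirm the file still lives in the help directory.
    my $real = abs_path($candidate);
    return unless defined $real;
    my ($vol, $dir) = File::Spec->splitpath($real);
    my $parent = File::Spec->canonpath(File::Spec->catpath($vol, $dir, ''));
    return $parent eq File::Spec->canonpath($base) ? $real : undef;
}

# Constructed sample layout: one help file and one unrelated data file.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/$_" or die "mkdir $_: $!" for qw(help data);
for my $file ("help/posting.txt", "data/record.txt") {
    open my $fh, '>', "$root/$file" or die "open $file: $!";
    print {$fh} "sample\n";
    close $fh;
}
# A link inside help/ that points outside it (skipped where unsupported).
eval { symlink "$root/data/record.txt", "$root/help/linked.txt" };

# Constructed inputs: only 'posting' should be served.
for my $topic ("posting", "linked", "data/record", "posting.txt", "") {
    my $path = resolve_help_topic("$root/help", $topic);
    printf "%-14s => %s\n", "'$topic'", defined $path ? "serve" : "reject";
}
```

The check names what is allowed instead of one forbidden string, so any request that does not resolve to a file inside the help directory is refused by default.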

Re: MAJOR BUG in Ikonboard v2.1.7b
by AgentM (Curate) on Mar 14, 2001 at 09:29 UTC
    passwords are stored in plain text.

    It didn't occur to you beforehand that this would be a bad idea from the beginning regardless if it's "hackable" or not? Seriously, stay away from any system that does something THAT dumb.

    AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.

      Ehrmmm - I find it sad that you intend to leave Perlmonks ;-))

      Honestly, there is not much wrong with storing plaintext passwords, as long as everybody understands that these passwords are disposable and should be unique. Both Slashdot and Perlmonks use plaintext passwords to be able to remail the passwords to users, which is insecure but very convenient.

Re: MAJOR BUG in Ikonboard v2.1.7b
by Keef (Sexton) on Mar 14, 2001 at 09:22 UTC
    I know this isn't the right place for a bugfix, but their site is down and I have been unable to contact any Ikonboard team members. Due to the nature of this hole, I felt it necessary to bring it to the perl community's attention and provide a simple patch for anyone who might be using an Ikonboard at their site. Thanks for your understanding.

      Isn't BugTraq or alt.security a better forum for this?