lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060105102723.2334.qmail@securityfocus.com>
Date: 5 Jan 2006 10:27:23 -0000
From: eufrato@...il.com
To: bugtraq@...urityfocus.com
Subject: [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1


____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \  
 |    __)_ /    \  \//    ~    \/   |   \ 
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/ 

					.OR.ID
ECHO_ADV_25$2006

---------------------------------------------------------------------------
         [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 
---------------------------------------------------------------------------

Author       : M.Hasran Addahroni
Date         : January, 5th 2006
Location     : Indonesia
Web          : http://echo.or.id/adv/adv26-K-159-2006.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BoastMachine

version    : v3.1
Vendor     : http://boastology.com
Description: boastMachine is an aplication software to built blog, support
with mysql and php

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~
In the folder /templates/default/ A remote user can access footer.php and side_menu.php directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker

    
Proof of Concept:
~~~~~~~~
 (i) http://victim/[boastMachine_path]/templates/default/side_menu.php 
  
  http://localhost/blog/templates/default/side_menu.php

  Warning: Failed opening 'CFG_ROOT/calendar.php' for inclusion  (include_path='.:/usr/lib/php') in 
 /var/www/html/blog/templates/default/side_menu.php on line 3

  Fatal error: Call to undefined function: bmc_show_list() in 
  /var/www/html/blog/templates/default/side_menu.php  on line 10

  
 (ii) http://victim/[boastMachine_path]/templates/default/footer.php
   
   http://localhost/blog/templates/default/footer.php

   Warning: Failed opening 'CFG_ROOT/reflog.php' for inclusion (include_path='.:/usr/lib/php') in
  /var/www/html/blog/templates/default/footer.php on line 20

   Warning: Failed opening 'CFG_ROOT/users_online.php' for inclusion (include_path='.:/usr/lib/php') in 
  /var/www/html/blog/templates/default/footer.php on line 23

Solution:
~~~~~~~~~
For User and do not know how to fix the script , change php.ini file setting then turn on log_errors , and turn off display_error

---------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, the_day, c-a-s-e, S`to, lirva32, anonymous
~ masterpop3, biatch-x, bithedz, Lieur-Euy, mr_Ny3m, maSter-oP, stev, sinChan, cowok_1seng, x`shell, m_beben, etc
~ newbie_hacker@...oogroups.com 
~ #e-c-h-o, #aikmel @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~~~

     K-159 || echo|staff || eufrato[at]gmail[dot]com
     Homepage: http://k-159.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ