[39632] in bugtraq
YaBBSe 1.5.5c Path disclosure problem
daemon@ATHENA.MIT.EDU (priestmaster)
Thu Jul 14 16:35:05 2005
Date: Thu, 14 Jul 2005 10:04:46 +0200
Message-Id: <200507141004.AA1018823248@priestmaster.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "priestmaster" <priest@priestmaster.org>
Reply-To: <priest@priestmaster.org>
To: <bugtraq@securityfocus.com>
--------------------------------------------------------------------
-------- Team priestmasters YabbSE 1.5.5c Path disclosure ----------
--------------------------------------------------------------------
Software Vendor:
http://sourceforge.net/projects/yabbse/
A path disclosure vuln exist in the ssi_examples.php
file. Exploitation is simple:
http://www.yoursite.com/pathtoforum/ssi_examples.php
The script show us the full path.
Solution: Remove ssi_examples.php. The file isn't
needed by the forum.
Mail : priest@priestmaster.org
Url : http://www.priestmaster.org
greets,
priestmaster
Mail: <priest@priestmaster.org>
URL: http://www.priestmaster.org
