Simple Machines Forum 2.0.3 Path Disclosure

2013.01.04
Credit: WHK Yan
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:?index.php?action=help

*Summary:* -------------- A security flaw allows an attacker to know the full path of the web system. *Details: ----------- *SSI.php Line 294: // Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden. function ssi_fetchPosts($post_ids, $override_permissions = false, $output_method = 'echo') { $post_id is not defined. Possible fix: ($post_id = false) *PoC: ------- *http://example.com/forumpath/SSI.php?ssi_function=fetchPosts *Google Dorks: --------------------- *inurl:?index.php?action=help *Demos: ----------- *http://simpleportal.net/SSI.php?ssi_function=fetchPosts http://www.furgovw.org/SSI.php?ssi_function=fetchPosts http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts http://voceteopr.com/SSI.php?ssi_function=fetchPosts http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts http://othforums.com/SSI.php?ssi_function=fetchPosts http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts Referer and Mirror: ------------------------- http://whk.drawcoders.net/index.php/topic,2792.0.html

References:

http://whk.drawcoders.net/index.php/topic,2792.0.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top