About Failure:
The Full Path Disclosure vulnerability, when it occurs, exposes the full path of a particular file and the user on your server. These two information make life easier for an attacker. First he will know where the files are and his attempts will be directed. According to him, he can perform a brute-force attack and gain access to the server.
Example:
http://localhost/website.com/wp-content/plugins/image-upload-for-bbpress/bbp-image-upload.php
https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/display.php
https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/stats.php
https://localhost/wp-content/plugins/image-upload-for-bbpress-pro/admin/limits.php
# 0day.today [2018-01-17] #