XMB Forum 1.6 Magic Lantern Log File Vulnerabilities

ID EDB-ID:21448
Type exploitdb
Reporter frog
Modified 2002-05-11T00:00:00


XMB Forum 1.6 Magic Lantern Log File Vulnerabilities. Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/4722/info

XMB Forum 1.6 Magic Lantern allows remote users to conduct activities in the forum while bypassing normal logging functions. This is accomplished by submitting an arbitrary string as the "analized" variable to index.php. Log information is written only if this variable is empty, so submitting a string to it bypassing the logging.

In addition, log files (index_log.log and cplogfile.log) may be written with improper permissions allowing users to retrieve them with a browser.