Mambo Site Server 4.0.11 Path Disclosure Vulnerability

2002-12-12T00:00:00
ID EDB-ID:22087
Type exploitdb
Reporter euronymous
Modified 2002-12-12T00:00:00

Description

Mambo Site Server 4.0.11 Path Disclosure Vulnerability. CVE-2002-2288. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/6387/info

A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script.

Information obtained by exploiting this issue may aid an attacker in launching further attacks against a target server.

It should be noted that this vulnerability was reported in Mambo Site Server 4.0.11. It is not yet known whether other versions are affected.

http://www.example.com/mambo/index.php?Itemid=invalidparameter