PHPNuke 5.5/6.0 AvantGo Module Path Disclosure Vulnerability

2003-03-12T00:00:00
ID EDB-ID:22347
Type exploitdb
Reporter Rynho Zeros Web
Modified 2003-03-12T00:00:00

Description

PHPNuke 5.5/6.0 AvantGo Module Path Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/7078/info

The AvantGo module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker.

An attacker may use the information gathered in this manner to mount further attacks against the host.

This vulnerability was reported to affect the AvantGo module shipped with PHPNuke version 5.5 and 6.0 it has been suggested that other versions may also be affected.

http://www.example.com/modules.php?name=AvantGo&file=print&sid=
http://www.example.com/modules.php?name=AvantGo&file=print&sid=[Any_Text]