SparkleBlog update.php Path Disclosure

2005-01-15T01:16:20
ID OSVDB:13044
Type osvdb
Reporter Kovács László (kovacs.laszlo@metalogique.hu)
Modified 2005-01-15T01:16:20

Description

Vulnerability Description

SparkleBlog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL containing an invalid argument to the id variable is sent to the update.php script, which will disclose installation path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://creamed-coconut.org/sparkleblog.php
Security Tracker: 1012908
Secunia Advisory ID: 13875
Related OSVDB ID: 13041
Related OSVDB ID: 13042
Related OSVDB ID: 13043
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0527.html