E-Xoops highlight.php Information Disclosure

2005-03-19T06:15:55
ID OSVDB:14890
Type osvdb
Reporter NT()
Modified 2005-03-19T06:15:55

Description

Vulnerability Description

E-Xoops contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker invokes highlight.php to view the source code of mainfile.php, which discloses the database connection information, including the password, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/Exoops/class/debug/highlight.php?file=c:\phpdev\www\Exoops\mainfile.php&line=151#151
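
For defenders checking whether this request has been made against their own installation, the following added example (not part of the original advisory) scans web server access log lines for requests to class/debug/highlight.php that carry a file parameter, and marks those naming mainfile.php. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line and status code inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP range), not taken from a real server.
SAMPLE_LOG = [
    r'192.0.2.10 - - [19/Mar/2005:06:20:01 +0000] "GET /Exoops/index.php HTTP/1.1" 200 5120',
    r'192.0.2.44 - - [19/Mar/2005:06:21:13 +0000] "GET /Exoops/class/debug/highlight.php'
    r'?file=c:%5Cphpdev%5Cwww%5CExoops%5Cmainfile.php&line=151 HTTP/1.1" 200 20480',
    r'192.0.2.44 - - [19/Mar/2005:06:21:40 +0000] "GET /Exoops/class/debug/highlight.php'
    r'?file=c:\phpdev\www\Exoops\mainfile.php&line=151 HTTP/1.1" 403 312',
    r'192.0.2.77 - - [19/Mar/2005:06:30:02 +0000] "GET /Exoops/class/debug/highlight.php'
    r'?file=header.php&line=3 HTTP/1.1" 200 900',
]

def highlight_requests(log_lines):
    """Return one record per request that reaches highlight.php with a file parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        target, status = m.group(1), int(m.group(2))
        url = urlsplit(target)
        # Match on the script's path suffix so any install prefix is covered.
        if not url.path.lower().endswith("/class/debug/highlight.php"):
            continue
        # parse_qs percent-decodes values, so %5C and literal backslashes compare equal.
        for value in parse_qs(url.query).get("file", []):
            basename = re.split(r"[\\/]", value)[-1].lower()
            hits.append({
                "client": line.split(" ", 1)[0],
                "file": value,
                "status": status,
                # mainfile.php holds the database credentials named in the advisory.
                "mainfile": basename == "mainfile.php",
            })
    return hits

if __name__ == "__main__":
    for hit in highlight_requests(SAMPLE_LOG):
        flag = "CREDENTIAL FILE" if hit["mainfile"] else "other file"
        print(f'{hit["client"]} status={hit["status"]} {flag}: {hit["file"]}')
```

A hit with `mainfile` set and a 200 status is the case where the database password should be treated as exposed and rotated.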

References:

Vendor URL: http://www.e-xoops.com
Vendor URL: http://www.runcms.org
Security Tracker: 1013485
Secunia Advisory ID: 14648
Other Advisory URL: http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt