MS Analysis for PHP-Nuke mstrack.php Installation Path Disclosure

2004-03-22T09:57:44
ID OSVDB:16643
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-03-22T09:57:44

Description

Vulnerability Description

MS Analysis contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker requests the 'mstrack.php' script without arguments, which discloses the physical path of the installation on the web server, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/nuke70/modules/MS_Analysis/mstrack.php

References:

Vendor URL: http://www.matyscripts.com/
Secunia Advisory ID: 11203
Related OSVDB ID: 4544
Related OSVDB ID: 4545
Related OSVDB ID: 4543
Related OSVDB ID: 16642
Related OSVDB ID: 4929
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0216.html
Keyword: waraxe-2004-SA#011
CVE-2004-1839