Website Generator spaw_control.class.php Direct Request Path Disclosure

2005-07-18T06:14:54
ID OSVDB:18155
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-18T06:14:54

Description

Vulnerability Description

Website Generator contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker makes a dierct request to the spaw_control.class.php script, which will disclose the installation path resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Website Generator contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker makes a dierct request to the spaw_control.class.php script, which will disclose the installation path resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/[path]/spaw/spaw_control.class.php

References:

Vendor URL: http://www.freehostshop.com/files/index.php?id=1 Security Tracker: 1014535 Related OSVDB ID: 18156 Related OSVDB ID: 18158 Related OSVDB ID: 18161 Related OSVDB ID: 18163 Related OSVDB ID: 18157 Related OSVDB ID: 18159 Related OSVDB ID: 18160 Related OSVDB ID: 18162