Jax Petitionbook formmailer.log User Sent Mail Disclosure

2005-08-05T00:32:57
ID OSVDB:18574
Type osvdb
Reporter Lostmon Lords (Lostmon@gmail.com)
Modified 2005-08-05T00:32:57

Description

Vulnerability Description

Jax Petitionbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by a direct request to the formmailer.log file, which discloses IP addresses and message content, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/petitionbook/formmailer.log
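
To check whether the log file has already been retrieved from a site, the web server's access log can be searched for served requests to it. The following is an added example, not part of the original advisory or of Jax Petitionbook; it assumes Apache/nginx Combined Log Format, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
LOG_NAME = "formmailer.log"      # file name taken from the advisory
# Statuses meaning the file exists and was served (304: client already holds a copy).
SERVED = {"200", "206", "304"}

def is_log_request(target):
    """True if the last path segment of the request target is formmailer.log."""
    path = unquote(urlsplit(target).path)   # drop the query string, decode %xx
    return path.rsplit("/", 1)[-1].lower() == LOG_NAME

def find_exposures(lines):
    """Return {client_ip: [(timestamp, target, status), ...]} for served requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_log_request(m["target"]):
            continue
        if m["status"] in SERVED:
            hits[m["ip"]].append((m["ts"], m["target"], m["status"]))
    return dict(hits)

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [05/Aug/2005:00:40:01 +0000] "GET /petitionbook/formmailer.log HTTP/1.1" 200 5312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Aug/2005:00:41:17 +0000] "GET /petitionbook/formmailer.log?download=1 HTTP/1.1" 200 5312 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Aug/2005:01:02:44 +0000] "GET /petitionbook/formmailer.log HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.5 - - [05/Aug/2005:01:10:09 +0000] "GET /petitionbook/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Aug/2005:01:10:30 +0000] "POST /petitionbook/formmailer.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_exposures(SAMPLE).items():
        for ts, target, status in events:
            print(f"{ip} retrieved {target} at {ts} (HTTP {status})")
```

Any client reported here received the log contents, so the addresses and messages recorded in the file up to that time should be treated as disclosed.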

References:

Vendor URL: http://www.jtr.de/scripting/php/
Related OSVDB ID: 18573
Related OSVDB ID: 18575
Related OSVDB ID: 18576
Other Advisory URL: http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
Bugtraq ID: 14481