XOOPS Multiple Script Path Disclosure

2005-08-12T04:48:23
ID OSVDB:18984
Type osvdb
Reporter OSVDB
Modified 2005-08-12T04:48:23

Description

Vulnerability Description

Xoops has been reported to contain a flaw that allows a remote attacker to disclose the installation path. Subsequent inestigation revealed the issue was due to the global PHP configuration set to report error messages. The path disclosure is unrelated to the Xoops installation.

Solution Description

The vulnerability reported is incorrect. No solution required.

Short Description

Xoops has been reported to contain a flaw that allows a remote attacker to disclose the installation path. Subsequent inestigation revealed the issue was due to the global PHP configuration set to report error messages. The path disclosure is unrelated to the Xoops installation.

Manual Testing Notes

http://[target]/include/registerform.php http://[target]/include/commentform.inc.php http://[target]/include/searchform.php http://[target]/modules/contact/contactform.php

References:

Vendor URL: http://xoops.com/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0187.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0179.html ISS X-Force ID: 21806