eFiction phpinfo.php Information Disclosure

2005-11-25T08:33:38
ID OSVDB:21126
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-11-25T08:33:38

Description

Vulnerability Description

eFiction contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user accesses the phpinfo.php script occurs, which will disclose system information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

eFiction contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user accesses the phpinfo.php script occurs, which will disclose system information resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/[path]/phpinfo.php

References:

Vendor URL: http://www.efiction.wallflowergirl.com/index.php Security Tracker: 1015273 Secunia Advisory ID:17777 Related OSVDB ID: 21122 Related OSVDB ID: 21118 Related OSVDB ID: 21125 Related OSVDB ID: 21119 Related OSVDB ID: 21120 Related OSVDB ID: 21121 Related OSVDB ID: 21123 Related OSVDB ID: 21124 Other Advisory URL: http://rgod.altervista.org/efiction2_xpl.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html ISS X-Force ID: 23377 CVE-2005-4173 Bugtraq ID: 15568