PhpMyFactures verif.php Direct Request Path Disclosure

2006-06-10T10:18:58
ID OSVDB:26486
Type osvdb
Reporter DarkFig(gmdarkfig@gmail.com)
Modified 2006-06-10T10:18:58

Description

Vulnerability Description

PhpMyFactures contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the verif.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/verif.php

References:

Vendor URL: http://www.comscripts.com/scripts/php.phpmyfactures.1475.html
Secunia Advisory ID: 20642
Related OSVDB ID: 26478
Related OSVDB ID: 26467
Related OSVDB ID: 26477
Related OSVDB ID: 26487
Related OSVDB ID: 26488
Other Advisory URL: http://www.acid-root.new.fr/advisories/phpmyfactures.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0248.html
CVE-2006-3091