w-Agora delete_forum.php Path Disclosure

2007-03-19T00:00:00
ID OSVDB:31668
Type osvdb
Reporter Laurent Gaffié(laurent.gaffie@gmail.com)
Modified 2007-03-19T00:00:00

Description

Vulnerability Description

w-Agora contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially-crafted URL request with an invalid parameter is passed to delete_forum.php, leading to a fatal error due to a call to an undefined function msgform() in delete_forum.php. The error information discloses the true path of the server-side scripts, resulting in a loss of confidentiality.

Technical Description

================== REQUEST ================== http://[TARGET]/[w-agora-directory]/delete_forum.php?remove_site=1&cfg_dir=1&bn=1&ext=1&bn=&site_cfg_file=1

================== REPLY ================== ... <!--error--><br /> <b>Fatal error</b>: Call to undefined function: msgform() in <b> http://[TARGET]/[w-agora-directory]\delete_forum.php</b> on line <b>22</b><br /> <script language=JavaScript src='/errors__/phperror_js.php'></script> ...

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): 1) Set PHP register_globals to Off. 2) Disable warning messages by modifying the following in php.ini: display_errors = Off. 3) Modify the .htaccess file (this will only work on Apache servers).

Short Description

w-Agora contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially-crafted URL request with an invalid parameter is passed to delete_forum.php, leading to a fatal error due to a call to an undefined function msgform() in delete_forum.php. The error information discloses the true path of the server-side scripts, resulting in a loss of confidentiality.

References:

Other Advisory URL: http://www.netvigilance.com/advisory0014 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0254.html ISS X-Force ID: 33076 CVE-2007-0606