Advanced Poll info.php System Information Disclosure

2003-10-25T09:13:47
ID OSVDB:3292
Type osvdb
Reporter OSVDB
Modified 2003-10-25T09:13:47

Description

Vulnerability Description

The PHP web application Advanced Poll contains a flaw that may allow a malicious user to obtain sensitive information about the server. The issue is triggered when a request is made to the misc/info.php script that is included with a standard installation. This script simply executes the phpinfo() function and displays the results. The flaw may allow an unauthorized remote user to view server path information, environment variables, and internal version numbers of installed libraries.
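An added example, not part of the original advisory or the Advanced Poll code: a local audit that walks an installed tree and lists PHP files that still call phpinfo(), such as misc/info.php. The function names, the extension list and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Strip PHP comments so a commented-out call is not reported.
# Simplification: comment markers inside string literals are not handled.
_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.DOTALL)
# A phpinfo( call that is not part of a longer name, a method call or a variable.
_CALL = re.compile(r"(?<![\w>:$])phpinfo\s*\(", re.IGNORECASE)
# Assumed set of extensions the web server hands to PHP.
PHP_EXTS = (".php", ".php3", ".php4", ".php5", ".phtml", ".inc")

def calls_phpinfo(source):
    """True if the PHP source calls phpinfo() outside of comments."""
    return bool(_CALL.search(_COMMENTS.sub("", source)))

def find_phpinfo_scripts(root):
    """Return sorted paths (relative to root) of PHP files calling phpinfo()."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="latin-1") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if calls_phpinfo(text):
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

def demo():
    """Run the audit over a constructed sample tree."""
    samples = {
        "misc/info.php": "<?php\nphpinfo();\n?>",
        "index.php": "<?php // phpinfo(); disabled\necho 'poll';\n",
        "misc/readme.txt": "phpinfo() is mentioned here",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "misc"))
        for rel, body in samples.items():
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write(body)
        return find_phpinfo_scripts(root)

if __name__ == "__main__":
    print(demo())
```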

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.proxy2.de/scripts.php
Secunia Advisory ID: 10068
Related OSVDB ID: 3291
Related OSVDB ID: 2743
Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/php.advanced.poll.txt
Other Advisory URL: http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt
Other Advisory URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html
Nessus Plugin ID: 11487
ISS X-Force ID: 13515
CVE-2003-1181
Bugtraq ID: 7171