Aardvark Topsites PHP index.php Path Disclosure

2003-12-16T00:00:00
ID OSVDB:3378
Type osvdb
Reporter JeiAr (jeiar@gulftech.org)
Modified 2003-12-16T00:00:00

Description

Vulnerability Description

Aardvark Topsites PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a null or invalid graph to the index.php script, which will disclose path information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 4.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/index.php?a=graph&id=1&type=
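To check whether a site has received requests of this shape, the following added example (not part of the original advisory or of the Aardvark Topsites code) scans web server access log lines for `index.php` requests with `a=graph` and an empty `type` parameter. The log lines are constructed, and treating an absent `type` the same as an empty one is an assumption; non-empty but invalid values are not detected, because the advisory does not list the valid ones.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (?P<target>\S+) HTTP/[\d.]+"')


def is_graph_probe(target):
    """True if target is index.php?a=graph with an empty or absent type."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return False
    # keep_blank_values=True so that "type=" is kept as an empty string.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "graph" not in params.get("a", []):
        return False
    # Assumption: a request with no type parameter counts as a null graph type.
    values = params.get("type", [""])
    # parse_qs percent-decodes, so "type=%00" arrives here as a NUL byte.
    return any(v.strip(" \t\x00") == "" for v in values)


def find_probes(lines):
    """Return (line_number, request_target) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_graph_probe(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical type value).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2003:10:00:01 +0000] "GET /index.php?a=graph&id=1&type=daily HTTP/1.0" 200 5120',
    '198.51.100.7 - - [16/Dec/2003:10:00:05 +0000] "GET /index.php?a=graph&id=1&type= HTTP/1.0" 200 311',
    '198.51.100.7 - - [16/Dec/2003:10:00:09 +0000] "GET /topsites/index.php?a=graph&id=4 HTTP/1.0" 200 309',
    '192.0.2.10 - - [16/Dec/2003:10:00:12 +0000] "GET /index.php?a=stats&id=1 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, target in find_probes(SAMPLE_LOG):
        print(f"line {number}: {target}")
```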

References:

Vendor URL: http://www.aardvarkind.com
Secunia Advisory ID: 10453
Other Advisory URL: http://www.gulftech.org/12162003b.php
Nessus Plugin ID: 11957
ISS X-Force ID: 14021
Bugtraq ID: 9231