eTicket index.php Multiple Variable Path Disclosure

2007-06-27T00:00:00
ID OSVDB:34785
Type osvdb
Reporter OSVDB
Modified 2007-06-27T00:00:00

Description

Technical Description

This vulnerability is only present when the display_errors PHP option is 'on'.

Manual Testing Notes

http://[target]/[PRODUCT FOLDER]/index.php?name[]=1 http://[target]/[PRODUCT FOLDER]/index.php?email[]=1 http://[target]/[PRODUCT FOLDER]/index.php?phone[]=1 http://[target]/[PRODUCT FOLDER]/index.php?subject[]=1

References:

Other Advisory URL: http://www.netvigilance.com/advisory0030 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0579.html Keyword: netVigilance Security Advisory #30 ISS X-Force ID: 35122 CVE-2007-2800