DotBr config.inc Information Disclosure

2003-02-15T00:00:00
ID OSVDB:5092
Type osvdb
Reporter Frog Man(leseulfrog@hotmail.com)
Modified 2003-02-15T00:00:00

Description

Vulnerability Description

DotBr contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'config.inc' file, which will disclose sensitive system information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

DotBr contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'config.inc' file, which will disclose sensitive system information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/config.inc

References:

Related OSVDB ID: 5091 Related OSVDB ID: 5089 Related OSVDB ID: 5090 Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html ISS X-Force ID: 11354 Bugtraq ID: 6865