Fullpath disclosure in Blue Magic Board 5.5

2006-09-15T00:00:00
ID SECURITYVULNS:DOC:14289
Type securityvulns
Reporter Securityvulns
Modified 2006-09-15T00:00:00

Description

Blue Magic Board (BMB) is nice forum system written by http://bmforum.com Some file error and show fullpath. I test newest version, maybe all older versions are infected.

http://domain.ext/[bmb_path]/footer.php http://domain.ext/[bmb_path]/header.php http://domain.ext/[bmb_path]/include/db/db_mysql_error.php http://domain.ext/[bmb_path]/datafile/langlist.php http://domain.ext/[bmb_path]/datafile/sendmail.php http://domain.ext/[bmb_path]/datafile/style.php

This was reported Admin but haven't received reply yet.