Gekko <=0.8.2 (temp directory) Path Disclosure

2007-11-29T00:00:00
ID SECURITYVULNS:DOC:18528
Type securityvulns
Reporter Securityvulns
Modified 2007-11-29T00:00:00

Description

Gekko <=0.8.2 (temp directory) Path Disclosure

Download:

http://www.gekkoware.org/

Bug found by JosS / Jose Luis Gуngora Fernбndez

Contact: sys-project[at]hotmail.com

Spanish Hackers Team

www.spanish-hackers.com

/server irc.freenode.net /join #fullsecure

d0rk: "Powered by Gekko"

Stop lammer

[*] sensitive directory:

temp/ temp/ip.blacklist temp/cache/ .temp/logs/ - temp/logs/access.log - temp/logs/actions.log - temp/logs/messages.log - temp/logs/warning.log

http://www.example.com/PATH/temp/ http://www.example.com/gekko/temp/

You can see sensitive information of the user [example]:

[09/09/2007 04:10:37] (uid=1) admin@189.151.32.69 [Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070723 Iceweasel/2.0.0.6 (Debian-2.0.0.6-1)] /modules/blog/actions.php -- blog: created new entry with title 'Semana GNU'

//---------------------------------------\\

Greetz To: All Hackers JosS! / Jose Luis Gуngora Fernбndez