ZH2003-18SA (security advisory): News Wizard Path Disclosure
Published: 10 august 2003
Released: 10 august 2003
Name: News Wizard
Affected Systems: 2.0
Issue: Remote attackers can know the path of the site
Author: G00db0y zone-h org
Zone-h Security Team has discovered a flaw in News Wizard v2.0 (and older versions?) With News Wizard 2can you create, update and delete your news articles right from your web browser."
It's possible to make a malformed http request in News Wizard and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.
The vendor has been contacted and a patch is not yet produced.
Filter all files.
G00db0y - www.zone-h.org admin
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2862/