Bugtraq mailing list archives
YaBBSe 1.5.5c Path disclosure problem
From: "priestmaster" <priest () priestmaster org>
Date: Thu, 14 Jul 2005 10:04:46 +0200
-------------------------------------------------------------------- -------- Team priestmasters YabbSE 1.5.5c Path disclosure ---------- -------------------------------------------------------------------- Software Vendor: http://sourceforge.net/projects/yabbse/ A path disclosure vuln exist in the ssi_examples.php file. Exploitation is simple: http://www.yoursite.com/pathtoforum/ssi_examples.php The script show us the full path. Solution: Remove ssi_examples.php. The file isn't needed by the forum. Mail : priest () priestmaster org Url : http://www.priestmaster.org greets, priestmaster Mail: <priest () priestmaster org> URL: http://www.priestmaster.org
Current thread:
- YaBBSe 1.5.5c Path disclosure problem priestmaster (Jul 14)