YaBBSe 1.5.5c Path disclosure problem

Date July 15, 2005

Software Vendor:

http://sourceforge.net/projects/yabbse/

A path disclosure vuln exist in the ssi_examples.php
file. Exploitation is simple:

http://www.yoursite.com/pathtoforum/ssi_examples.php

The script show us the full path.

Solution: Remove ssi_examples.php. The file isn’t
needed by the forum.

Mail : priest@priestmaster.org
Url : http://www.priestmaster.org

greets,

priestmaster

Category Posted in Exploits and Bugs

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>