TUCoPS :: Web BBS :: Frequently Exploited :: hack7018.htm

YaBBSe 1.5.5c Path disclosure problem ExP:
YaBBSe 1.5.5c Path disclosure problem 

--------------------------------------------------------------------
-------- Team priestmasters YabbSE 1.5.5c Path disclosure ----------
--------------------------------------------------------------------

Software Vendor:
http://sourceforge.net/projects/yabbse/ 

A path disclosure vuln exist in the ssi_examples.php
file. Exploitation is simple:

http://www.yoursite.com/pathtoforum/ssi_examples.php 

The script show us the full path.

Solution: Remove ssi_examples.php. The file isn't
needed by the forum.

Mail : priest@priestmaster.org 
Url : http://www.priestmaster.org 

greets,

priestmaster


Mail:  
URL: http://www.priestmaster.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH