Computer Security

Security Advisory: Vulnerability: Bitrix Web Server Paths
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  PHP, ASP, CGI web applications security vulnerabilities

  [SA15736] amaroK Web Frontend Exposure of User Credentials

  [SA15738] Contelligent Preview Privilege Escalation Vulnerability

  [SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure

  [SA15705] ATutor Cross-Site Scripting Vulnerabilities

From:D_BuG <d_bug_(at)_bk.ru>
Date:16.06.2005
Subject:Vulnerability: Bitrix Web Server Paths

Vendor: Bitrix
Product:Bitrix Site Manager 4.0.x

Consequences: Web server paths
Risk: Minimal

Description: during executions of
http://host/bitrix/templates/.default/subscribe/subscr_form.php
http://host /bitrix/php_interface/dbquery_error.php
there got an erros which is causing web server internal path information availability

Google search: inurl: /bitrix/

Discoveried By D_BuG d_bug@bk.ru
NemesisSecurityTeam
http://nemesisoftware.com/

CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google Hacking technique) and usage.

--
Best regards,
D_BuG                          mailto:d_bug@bk.ru

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server