Computer Security

Security Advisory: DotClear : Multiples Full Path Disclosure
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities

  [KurdishVanilla CMS <= 1.0.1 (RootDirectory)
Remote file inclusion Vuln.]

  [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

  [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure

From:Silitix <silitix_(at)_gmail.com>
Date:24.07.2006
Subject:DotClear : Multiples Full Path Disclosure

# DotClear : Multiples Full Path Disclosure
# Discovred By Silitix - Silitix_gmail_com
# www.Silitix.com

A remote user can access the files directly to cause the system to display
an error message that indicates the full path of the server.

/ecrire/tools/blogroll/edit_cat.php
/ecrire/tools/blogroll/index.php
/ecrire/tools/blogroll/edit_link.php
/ecrire/tools/syslog/index.php
/ecrire/tools/thememng/index.php
/ecrire/tools/toolsmng/index.php
/ecrire/tools/utf8convert/index.php
/ecrire/inc/connexion.php
/inc/session.php
/inc/classes/class.blog.php
/inc/classes/class.blogcomment.php
/inc/classes/class.blogpost.php
/layout/append.php
/layout/class.xblog.php
/layout/class.xblogcomment.php
/layout/class.xblogpost.php
/themes/default/form.php
/themes/default/list.php
/themes/default/post.php
/themes/default/template.php
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru