
List:       bugtraq
Subject:    HTB22796: Path disclosure in DBHcms
From:       advisory () htbridge ! ch
Date:       2011-01-27 8:38:16
Message-ID: 201101270838.p0R8cGw4077120 () htbridge ! ch

Vulnerability ID: HTB22796
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dbhcms.html
Product: DBHcms
Vendor: Kai-Sven Bunk ( http://www.drbenhur.com/ ) 
Vulnerable Version: 
Vendor Notification: 13 January 2011 
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

Vulnerability Details:
The vulnerability exists due to a failure in the "/dbhcms/ext/news/ext.news.settings.php" script: it is possible to generate an error that reveals the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.

http://host/dbhcms/ext/news/ext.news.settings.php
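
Added example (not part of the original advisory, and not High-Tech Bridge or DBHcms code): a check a site operator can run over HTTP response bodies to detect PHP error messages that expose an absolute filesystem path, the kind of leak described above. The error text, web-root prefixes and the function name in the samples are constructed; the advisory does not show the actual error output.

```python
import html
import re

# PHP's default error layout is "<level>: <message> in <file> on line <n>".
# With html_errors enabled, level, file and line are wrapped in <b> tags,
# so tags are stripped before matching.
TAGS = re.compile(r"<[^>]+>")
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)\s*:\s+"
    r"(?P<message>.*?)\s+in\s+"
    r"(?P<file>(?:/|[A-Za-z]:[\\/])[^\r\n]*?)"   # absolute Unix or Windows path
    r"\s+on line\s+(?P<line>\d+)"
)


def find_path_disclosures(body):
    """Return (level, file, line) for every PHP error in a response body
    that exposes an absolute filesystem path."""
    text = html.unescape(TAGS.sub("", body))
    return [(m["level"], m["file"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]


# Constructed sample responses (not captured from a real DBHcms install).
SAMPLE_HTML_ERROR = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function dbhcms_example() in "
    "<b>/var/www/html/dbhcms/ext/news/ext.news.settings.php</b> "
    "on line <b>12</b><br />\n"
)
SAMPLE_WINDOWS_ERROR = (
    r"Warning: include(settings.inc): failed to open stream: No such file or "
    r"directory in C:\xampp\htdocs\dbhcms\ext\news\ext.news.settings.php on line 3"
)
SAMPLE_CLEAN = "<p>Notice: the news archive is offline for maintenance.</p>"

if __name__ == "__main__":
    samples = [("html error", SAMPLE_HTML_ERROR),
               ("windows error", SAMPLE_WINDOWS_ERROR),
               ("clean page", SAMPLE_CLEAN)]
    for name, body in samples:
        hits = find_path_disclosures(body)
        print(name, "->", hits if hits else "no path disclosed")
```

A hit means PHP error output is reaching clients; setting display_errors to Off in production and logging errors server-side removes the leak even while the underlying script fault remains.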

