[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: HTB22796: Path disclousure in DBHcms
From: advisory () htbridge ! ch
Date: 2011-01-27 8:38:16
Message-ID: 201101270838.p0R8cGw4077120 () htbridge ! ch
[Download RAW message or body]
Vulnerability ID: HTB22796
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dbhcms.html
Product: DBHcms
Vendor: Kai-Sven Bunk ( http://www.drbenhur.com/ )
Vulnerable Version:
Vendor Notification: 13 January 2011
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing \
(http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the \
"/dbhcms/ext/news/ext.news.settings.php" script, it's possible to generate an error \
that will reveal the full path of the script. A remote user can determine the full \
path to the web root directory and other potentially sensitive information.
http://host/dbhcms/ext/news/ext.news.settings.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic