17 lines
No EOL
968 B
Text
17 lines
No EOL
968 B
Text
Vulnerability ID: HTB22654
|
|
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_mybb.html
|
|
Product: MyBB
|
|
Vendor: MyBB ( http://www.mybb.com )
|
|
Vulnerable Version: 1.6
|
|
Vendor Notification: 13 October 2010
|
|
Vulnerability Type: Path disclosure
|
|
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
|
|
Risk level: Low
|
|
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
|
|
|
|
Vulnerability Details:
|
|
The vulnerability exists due to failure in the "/forumdisplay.php" script to properly sanitize user-supplied input in mybb[forumread] variable from cookie, it's possible to generate an error that will reveal the full path of the script.
|
|
A remote user can determine the full path to the web root directory and other potentially sensitive information.
|
|
|
|
|
|
Cookie: mybb[forumread]=%4f%3a%31%3a%22%31%22%3a%31%3a%7b%73%3a%31%3a%22%31%22%3b%61%3a%32%3a%7b%69%3a%30%3b%73%3a%31%3a%22%31%22%3b%69%3a%31%3b%73%3a%31%3a%22%32%22%3b%7d%7d; |