what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Advisory-16.txt

Advisory-16.txt
Posted Feb 22, 2006
Authored by Paisterist | Site neosecurityteam.net

Invision Power Board 2.1.4 Multiple Full Path Disclosure Vulnerabilities.

tags | advisory, vulnerability
SHA-256 | afc8b5d91c94d44473b65e19fa3da4a01a1ee7b049738c05208ffbd89108b14d
Download | Favorite | View

Advisory-16.txt

Change Mirror Download
/*
--------------------------------------------------------
[N]eo [S]ecurity [T]eam [NST]® - Advisory #16 - 18/02/06
--------------------------------------------------------
Program: Invision Power Board 2.1.4
Homepage: http://www.invisionboard.com
Vulnerable Versions: 2.1.4 & Lower versions
Risk: Low Risk!!
Impact: Multiple Vulnerabilities.

-==Invision Power Board 2.1.4 Multiple Vulnerabilities==-
---------------------------------------------------------

- Description
---------------------------------------------------------
Invision Power Board, an award-winning scaleable bulletin 
board system, allows you to effortlessly build, manage and 
promote your online community. Advanced yet intuitive features 
like multi-moderation allow you to focus on developing your 
community, rather than wrestling with complex settings.

- Tested
---------------------------------------------------------
localhost & many forums

- Explotation
---------------------------------------------------------
-==Multiple Full Path Disclosure Vulnerabilities==-

ips_kernel/PEAR/Text/Diff/Renderer/inline.php
ips_kernel/PEAR/Text/Diff/Renderer/unified.php
ips_kernel/PEAR/Text/Diff3.php
ips_kernel/class_db.php
ips_kernel/class_db_mysql.php
ips_kernel/class_xml.php
sources/sql/mysql_admin_queries.php
sources/sql/mysql_extra_queries.php
sources/sql/mysql_queries.php
sources/sql/mysql_subsm_queries.php
sources/acp_loaders/acp_pages_components.php
sources/action_admin/member.php
sources/action_admin/paysubscriptions.php
sources/action_public/login.php
sources/action_public/messenger.php
sources/action_public/moderate.php
sources/action_public/paysubscriptions.php
sources/action_public/register.php
sources/action_public/search.php
sources/action_public/topics.php
sources/action_public/usercp.php
sources/classes/bbcode/class_bbcode.php
sources/classes/bbcode/class_bbcode_legacy.php
sources/classes/editor/class_editor_rte.php
sources/classes/editor/class_editor_std.php
sources/classes/post/class_post.php
sources/classes/post/class_post_edit.php
sources/classes/post/class_post_new.php
sources/classes/post/class_post_reply.php
sources/components_acp/registration_DEPR.php
sources/handlers/han_paysubscriptions.php
sources/lib/func_usercp.php
sources/lib/search_mysql_ftext.php
sources/lib/search_mysql_man.php
sources/loginauth/convert/auth.php.bak
sources/loginauth/external/auth.php
sources/loginauth/ldap/auth.php


-==Multiple Directory Listing Vulnerabilities==-

sources/loginauth/convert/
sources/portal_plugins/
cache/skin_cache/cacheid_2/
ips_kernel/PEAR/
ips_kernel/PEAR/Text/
ips_kernel/PEAR/Text/Diff/
ips_kernel/PEAR/Text/Diff/Renderer/
style_images/1/folder_rte_files/
style_images/1/folder_js_skin/
style_images/1/folder_rte_images/
upgrade/*/

The directory listing are not relevant, but with the full path disclosures you can get the path of the forum into the server.

- References
--------------------------------------------------------
http://neosecurityteam.net/advisories/Advisory-16.txt
http://neosecurityteam.net/index.php?action=advisories&id=16

- Solution
--------------------------------------------------------
Not yet, don't worry, this is no very unsecure.


- Credits
-------------------------------------------------
Discovered by Paisterist <paisterist.nst@gmail.com>

[N]eo [S]ecurity [T]eam [NST]® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/foro/


- Greets
--------------------------------------------------------
HaCkZaTaN
Daemon21
K4P0
Link
LINUX
erg0t

And the latin people

@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
'@@@@@''@@'@@@''''''''@@''@@@''@@
'@@'@@@@@@''@@@@@@@@@'''''@@@
'@@'''@@@@'''''''''@@@''''@@@
@@@@''''@@'@@@@@@@@@@''''@@@@@
*/

/* EOF */
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close