Vikingboard may disclose sensitive information via the debug variable.
d8ec1b54380cdc906a660ece72c26a22cdd39b072675e97aa92cad332dc7e9d8#################################################
Vikingboard debug information disclosure
Vendor url:http://vikingboard.com/
Advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-debug-information.html
vendor notify:yes exploit include:yes
#################################################
Vikingboard is a PHP-based community board designed by
the principle of "less is more", and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.
Vikingboard has a weakness, which can be exploited by malicious
people to disclose some system information.
The weakness is caused due to a design error where debug
information can be disclosed by specifying the "debug" parameter.
################
versions
################
Vikingboard 0.1.2
################
Solution:
################
No solution was available at this time !!!
################
TimeLine
################
Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure: 25-07-2007
#####################
Examples
#####################
http://localhost/viking/forum.php?f=1&debug=1
http://localhost/viking/cp.php?mode=10&debug=1
http://localhost/viking/cp.php?&debug=1
################# €nd ############################
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed