P-News V² - (user.txt) Information Disclosure Vulnerability

vendor:

P-News V²

by:

Lu7k

N/A

CVSS

N/A

Information Disclosure

N/A

CWE

Product Name: P-News V²

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

P-News V² – (user.txt) Information Disclosure Vulnerability

P-News V² is vulnerable to an information disclosure vulnerability. The vulnerability exists due to the application failing to properly sanitize user-supplied input. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to view the contents of the user.txt file, which contains sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

P-News V² -  (user.txt)  Information Disclosure Vulnerability


**************************************************************
Critical Level : Dangerous
**************************************************************
Script Download: http://download.planerd.net/dir/php
**************************************************************
Bugfounder: Lu7k
**************************************************************
Contact Me : www.school-of-hack.de or lu7k@mail.nu
**************************************************************

-----------------------------------------------------------------------------

Code:http://target/path/db/user.txt

-----------------------------------------------------------------------------

*************************************************************
Greetings: Bdrok - TheJT - MyMaster - str0ke
*************************************************************

# milw0rm.com [2006-11-28]