Vendor: Burning Board
By: linc0ln.dll
CVSS: 4.3 (MEDIUM)
Full Path Disclosure
CWE: 200
Product Name: Burning Board
Affected Version From: 3.1.2005
Affected Version To: 3.1.2005
Patch Exists: NO
Related CWE: N/A
CPE: a:woltlab:burning_board:3.1.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2011

Burning Board 3.1.5 Full Path Disclosure

Burning Board 3.1.5 is vulnerable to Full Path Disclosure. An attacker can trigger it by sending a crafted HTTP request to the application; in this advisory, that is a request to index.php with the s parameter passed as an array (s[]=...). This allows the attacker to view the full path of the application on the server.

Mitigation:

Ensure that the application does not disclose the full path of the application. Implement proper input validation and output encoding.
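A log check for the request pattern in this advisory, added here as an example (not code from the advisory or from WoltLab): it flags access-log requests where the s parameter arrives in array form, including the percent-encoded spelling. The Combined Log Format, the /forum/ path and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def array_params(target):
    """Return names of query parameters supplied in PHP array form (name[...]=)."""
    names = set()
    query = urlsplit(target).query
    for key, _ in parse_qsl(query, keep_blank_values=True):
        # parse_qsl percent-decodes keys, so s%5B%5D=x is seen as s[]
        m = re.fullmatch(r'([^\[\]]+)\[[^\]]*\].*', key)
        if m:
            names.add(m.group(1))
    return names

def flag_lines(lines, scalar_params=("s",)):
    """Return (line_no, target) for requests that pass an expected-scalar
    parameter as an array, the pattern shown in the advisory."""
    expected_scalar = set(scalar_params)
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and array_params(m.group(1)) & expected_scalar:
            hits.append((no, m.group(1)))
    return hits

# Constructed sample log lines (documentation addresses, hypothetical /forum/ path)
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2011:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/Jun/2011:10:00:07 +0000] "GET /forum/index.php?s[]=FPD HTTP/1.1" 200 812',
    '192.0.2.44 - - [19/Jun/2011:10:00:09 +0000] "GET /forum/index.php?s%5B%5D=x HTTP/1.1" 200 812',
    '192.0.2.10 - - [19/Jun/2011:10:00:12 +0000] "GET /forum/index.php?s=0123abcd HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for no, target in flag_lines(SAMPLE_LOG):
        print(f"line {no}: array-typed parameter in {target}")
```

Hits are a prompt to check what the application returned for those requests and to confirm that error output is not being sent to clients.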
Source

Exploit-DB raw data:

---------------------------------------------------------------------
Exploit Title : Burning Board 3.1.5 Full Path Disclosure
---------------------------------------------------------------------

Author      : linc0ln.dll
Date        : 19/06/11
Site        : http://linc0ln.pl/
@  	    : linc0ln[at]e-o-u.org
---------------------------------------------------------------------

Description >

Category    : WebApps
Dork        : "Powered by Burning Board"
Vendor 	    : http://www.woltlab.com/
Tested On   : Windows 7
---------------------------------------------------------------------

FPD         >

>> http://127.0.0.1/[path]/index.php?s[]=FPD
---------------------------------------------------------------------

---------------------------------------------------------------------

\ \  / /                 /\
-HACKED-  \\{__}//      /((\
/ /  \ \   \|aa|/        ) )
 _____vvvV__(oo)__Vvvv__(_(_
|            ``             |
|      .::Greetz To::.      |
| [synthelyps.c]  [fight3r] |
| [Mario_Vs]      [n1k0n3r] |
| [EoU Team]  [Skynet Crew] |
| And All The Other Friends |
|___________________________|
             ';;;;;(  )`
               \ \/ \ \//
              _/_/ _/ /
             vvvV^ Vvvv