WebTrends Reporting Center Path Disclosure vulnerability ======================================================== Problem: ======== WebTrends Reporting Center is administrated via a web interface. It seems to be possible to disclose the physical path to the application. This information could be useful to a malicious user wishing to gain illegal access to resources on the server. Vulnerable: =========== WebTrends Reporting Center- Enterprise Edition Version: 6.1a Platform: win32 Built: 7591 Exploiting: =========== http://server:1099/viewreport.pl?profileid=dontexist (see http://www.oliverkarow.de/research/WT.jpg ) Product Description =================== See www.webtrends.com for more information :) Vendor status ============= Vendor was informed on 05/january/2004, and acknowledged the receiption of the message....thats all :( Author: ======= www.oliverkarow.de -- +++ GMX - die erste Adresse für Mail, Message, More +++ Bis 31.1.: TopMail + Digicam für nur 29 EUR http://www.gmx.net/topmail
