DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong value in page parameter. This causes sensitive information to be leaked in an error message. External References: Mitre CVE: CVE-2006-5651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5651 NVD NIST : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5651 OSVDB : 29985 http://www.osvdb.com/displayvuln.php?osvdb_id=29985 Vulnerable Systems: DigiOz Guestbook version 1.7 and earlier http://www.digioz.com/phpscripts.php Non-Vulnerable Systems: DigiOz Guestbook version 1.7.1 and later http://www.digioz.com/phpscripts.php Summary: DigiOz Guestbook is a popular Open-Source guestbook system for easy embedding into your own web-site. A security problem in the product allows attackers to gather the true path of the server-side script. Release Date: November 2 2006 Vulnerability Type: Input Validation error - The list.php script has a flaw which leads to a Fatal Error. This is an input validation fault when the script is not testing the data passed. Vendor Status: The Vendor has been notified and has released a new version DigiOz Guestbook 1.7.1 that fixed the problem. Patch can be downloaded here : http://www.digioz.com/guestbook/guestbook_v1_7_1.zip Severity Metrics: Risk: Low CVSS Metrics Access Vector: Remote Access Complexity: Low Authentication: not-required Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None Impact Bias: Normal CVSS Base Score: 2.3 Target Distribution on Internet: Low Exploitability: Functional Exploit Remediation Level: Official Fix Report Confidence: confirmed Vulnerability Impact: Attack Host Impact: Path disclosure. Example: HTTP REQUEST http://[TARGET]/[DigiOz Guestbook-directory]/list.php?page=%60&order=asc REPLY ... toolbar.jpg" height="20"></td></tr><tr><td><b>Date: </b><br /> <b>Notice</b>: Undefined offset: 11 in <b>D:\WWWRoot\<username>\list.php</b> on line <b>78</b><br /> <br /> <b>Fatal error</b>: Call to a member function showDate() on a non-object in <b>D:\WWWRoot\<username>\list.php</b> on line <b>78</b><br /> ... URL of Original Advisory: http://www.netvigilance.com/advisory0005 Credit: Jesper Jurcenoks Co-founder netVigilance, Inc. www.netvigilance.com