BID:12906

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

Info

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

Bugtraq ID:	12906
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Mar 26 2005 12:00AM
Updated:	Mar 26 2005 12:00AM
Credit:	Discovery credited to Gerardo Astharot Di Giacomo <[email protected]>.
Vulnerable:	Nuke Bookmarks Nuke Bookmarks 0.6

Not Vulnerable:

Discussion

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

Nuke Bookmarks is prone to a path disclosure issue when invalid data is submitted.

This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

Exploit / POC

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

No exploit is required.

The following proof of concept URIs were supplied:
http://www.example.com/modules.php?name=Bookmarks&file=marks
http://www.example.com/modules.php?name=Bookmarks&file=marks&category=1\'

Solution / Fix

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

Solution:
The vendor has addressed this issue in Nuke Bookmarks 0.7.

Nuke Bookmarks Nuke Bookmarks 0.6

Nuke Bookmarks Nuke Bookmarks 0.7
http://prdownloads.sourceforge.net/nukebookmarks/bookmarks-0.7.tgz?dow nload

References

Nuke Bookmarks Marks.php Path Disclosure Vulnerability

References:

Home Page (Nuke Bookmarks)
ZH2005-03SA -- multiple vulnerabilities in NukeBookmarks .6 (Gerardo Astharot Di Giacomo )