Clever Copy Connect.INC Information Disclosure Vulnerability

Bugtraq ID:	17461
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 11 2006 12:00AM
Updated:	Apr 11 2006 09:52PM
Credit:	Discovered by M.Hasran Addahroni.
Vulnerable:	Clever Copy Clever Copy 3.0
Not Vulnerable:

Clever Copy Connect.INC Information Disclosure Vulnerability


Clever Copy is prone to an information-disclosure vulnerability. A remote attacker could leverage this issue to gain access to sensitive configuration information. The attacker could then use this information to launch further attacks against the system.

Clever Copy 3.0 is affected; other versions may also be vulnerable.

Clever Copy Connect.INC Information Disclosure Vulnerability


This issue can be exploited through a web client.

The following proof of concept is available:

http://www.example.com/[clevercopy_path]/admin/connect.inc

Clever Copy Connect.INC Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Clever Copy Connect.INC Information Disclosure Vulnerability

References:

• [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosur (M.Hasran Addahroni)
  
• Clever Copy Homepage (Clever Copy)