Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
BID:18162
CVE-2006-2693 |Info
Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
| Bugtraq ID: | 18162 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2006 12:00AM |
| Updated: | May 30 2006 10:47PM |
| Credit: | Mustafa Can Bjorn is credited with the discovery of this vulnerability. |
| Vulnerable: |
Nivisec Nivisec Hacks List 1.2 |
| Not Vulnerable: | |
Discussion
Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
Nivisec Hacks List is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Nivisec Hacks List versions 1.2 and prior are vulnerable; other versions may be affected.
Nivisec Hacks List is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
Nivisec Hacks List versions 1.2 and prior are vulnerable; other versions may be affected.
Exploit / POC
Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
This vulnerability may be exploited with a web client.
This vulnerability may be exploited with a web client.
Solution / Fix
Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure Vulnerability
References:
References:
- phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability. (Mustafa Can Bjorn)
- Nivisec Hacks List Web Site (Nivisec)