Invision Power Board Error Message Path Disclosure Vulnerability
BID:9810
Info
Invision Power Board Error Message Path Disclosure Vulnerability
| Bugtraq ID: | 9810 |
| Class: | Design Error |
| CVE: |
CVE-2004-0355 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 05 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | The disclosure of this issue has been credited to JeiAr of the GulfTech Security Research Team. |
| Vulnerable: |
Invision Power Services Invision Board 1.3 |
| Not Vulnerable: | |
Discussion
Invision Power Board Error Message Path Disclosure Vulnerability
It has been reported that Invision Power Board may be prone to an information disclosure vulnerability that may allow an attacker to disclose the installation path. This issue can be exploited by issuing an invalid request for uploading an image file. The path is reportedly included in an error message displayed by the server.
Invision Board version 1.3 is reported to be vulnerable to this issue; however, it is possible that other versions are affected as well.
It has been reported that Invision Power Board may be prone to an information disclosure vulnerability that may allow an attacker to disclose the installation path. This issue can be exploited by issuing an invalid request for uploading an image file. The path is reportedly included in an error message displayed by the server.
Invision Board version 1.3 is reported to be vulnerable to this issue; however, it is possible that other versions are affected as well.
Exploit / POC
Invision Power Board Error Message Path Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Invision Power Board Error Message Path Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Invision Power Board Error Message Path Disclosure Vulnerability
References:
References:
- Invision Board Homepage (Invision Power Services)
- Invision Power Board "Vulnerabilities" (GulfTech)
- Invision Power Board 1.3 Final Path Disclosure Vulnerability (=?iso-8859-1?q?Shaun=20Colley?=