AnyBoard Discloses System Information to Remote Users
|
|
SecurityTracker Alert ID: 1007563
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 25 2003
|
Impact: Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 9.9
|
Description: CyberTalon reported an information disclosure vulnerability in the AnyBoard forum software. A remote user can view system information.
It is reported that a remote user can access the following URL on a target system to obtain information about the AnyBoard application and the web server:
http://[target]/cgi-bin/anyboard.cgi/?cmd=sinfo&all=1
|
Impact: A remote user can determine system information, including the system installation path, the web server, the forum configuration file location, and various configuration options.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: netbula.com/anyboard/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: cyber talon <cyber_talon@hotmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Sat, 23 Aug 2003 20:58:49 -0300
From: cyber talon <cyber_talon@hotmail.com>
Subject: AnyBoard v??? Discloses sensitive information to remote users
|
AnyBoard v??? Discloses sensitive information to remote users
Found by: CyberTalon
1. Problem
2. Exploit
3. Info
1. Anyboard v??? discloses very sensitive information about the host's
server, software, directorys, and more. (Note: Version tested was not
identified, but possibly 5.x)
2. www.siterunninganyboard.com/cgi-bin/anyboard.cgi/?cmd=sinfo&all=1
3. Vendor URL: http://netbula.com/anyboard
-CT
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
|
|
