Vikingboard debug information disclosure

Wednesday, July 25, 2007
#################################################
Vikingboard debug information disclosure
Vendor url:http://vikingboard.com/
Advisore:http://lostmon.blogspot.com/2007/07/
vikingboard-debug-information.html
vendor notify:yes exploit include:yes
#################################################


Vikingboard is a PHP-based community board designed by
the principle of “less is more”, and features a powerful
web-based extension-system, a lighting-fast cache system
and dynamic web update. Small, but incredibly fast and powerful.



Vikingboard has a weakness, which can be exploited by malicious
people to disclose some system information.

The weakness is caused due to a design error where debug
information can be disclosed by specifying the "debug" parameter.



################
versions
################

Vikingboard 0.1.2


################
Solution:
################

No solution was available at this time !!!

################
TimeLine
################

Discovered: 20-07-2007
vendor notify: 25-07-2007
vendor response:
disclosure: 25-07-2007


#####################
Examples
#####################


http://localhost/viking/forum.php?f=1&debug=1
http://localhost/viking/cp.php?mode=10&debug=1
http://localhost/viking/cp.php?&debug=1

################# €nd ############################

--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Post by Lostmon in 1:40:00 AM
Categories: , , ,
 

Browse

About:Me

My blog:http://lostmon.blogspot.com
Mail:Lostmon@gmail.com
Lostmon Google group
Lostmon@googlegroups.com

La curiosidad es lo que hace
mover la mente...