Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11536
HistoryFeb 22, 2006 - 12:00 a.m.

Invision Power Board 2.1.4 Multiple Vulnerabilities

2006-02-2200:00:00
vulners.com
8

/*

[N]eo [S]ecurity [T]eam [NST]В® - Advisory #16 - 18/02/06

Program: Invision Power Board 2.1.4
Homepage: http://www.invisionboard.com
Vulnerable Versions: 2.1.4 & Lower versions
Risk: Low Risk!!
Impact: Multiple Vulnerabilities.

-==Invision Power Board 2.1.4 Multiple Vulnerabilities==-

  • Description

Invision Power Board, an award-winning scaleable bulletin
board system, allows you to effortlessly build, manage and
promote your online community. Advanced yet intuitive features
like multi-moderation allow you to focus on developing your
community, rather than wrestling with complex settings.

  • Tested

localhost & many forums

  • Explotation

-==Multiple Full Path Disclosure Vulnerabilities==-

ips_kernel/PEAR/Text/Diff/Renderer/inline.php
ips_kernel/PEAR/Text/Diff/Renderer/unified.php
ips_kernel/PEAR/Text/Diff3.php
ips_kernel/class_db.php
ips_kernel/class_db_mysql.php
ips_kernel/class_xml.php
sources/sql/mysql_admin_queries.php
sources/sql/mysql_extra_queries.php
sources/sql/mysql_queries.php
sources/sql/mysql_subsm_queries.php
sources/acp_loaders/acp_pages_components.php
sources/action_admin/member.php
sources/action_admin/paysubscriptions.php
sources/action_public/login.php
sources/action_public/messenger.php
sources/action_public/moderate.php
sources/action_public/paysubscriptions.php
sources/action_public/register.php
sources/action_public/search.php
sources/action_public/topics.php
sources/action_public/usercp.php
sources/classes/bbcode/class_bbcode.php
sources/classes/bbcode/class_bbcode_legacy.php
sources/classes/editor/class_editor_rte.php
sources/classes/editor/class_editor_std.php
sources/classes/post/class_post.php
sources/classes/post/class_post_edit.php
sources/classes/post/class_post_new.php
sources/classes/post/class_post_reply.php
sources/components_acp/registration_DEPR.php
sources/handlers/han_paysubscriptions.php
sources/lib/func_usercp.php
sources/lib/search_mysql_ftext.php
sources/lib/search_mysql_man.php
sources/loginauth/convert/auth.php.bak
sources/loginauth/external/auth.php
sources/loginauth/ldap/auth.php

-==Multiple Directory Listing Vulnerabilities==-

sources/loginauth/convert/
sources/portal_plugins/
cache/skin_cache/cacheid_2/
ips_kernel/PEAR/
ips_kernel/PEAR/Text/
ips_kernel/PEAR/Text/Diff/
ips_kernel/PEAR/Text/Diff/Renderer/
style_images/1/folder_rte_files/
style_images/1/folder_js_skin/
style_images/1/folder_rte_images/
upgrade/*/

The directory listing are not relevant, but with the full path disclosures you can get the path of the forum
into the server.

  • References

http://neosecurityteam.net/advisories/Advisory-16.txt
http://neosecurityteam.net/index.php?action=advisories&id=16

  • Solution

Not yet, don't worry, this is no very unsecure.

  • Credits

Discovered by Paisterist <[email protected]>

[N]eo [S]ecurity [T]eam [NST]В® - http://neosecurityteam.net/

Got Questions? http://neosecurityteam.net/foro/

  • Greets

HaCkZaTaN
Daemon21
K4P0
Link
LINUX
erg0t

And the latin people

@@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@
'@@@@@''@@'@@@''''''''@@''@@@''@@
'@@'@@@@@@''@@@@@@@@@'''''@@@
'@@'''@@@@'''''''''@@@''''@@@
@@@@''''@@'@@@@@@@@@@''''@@@@@
*/

/* EOF */