Уведомление о безопасности: DotClear : Multiples Full Path Disclosure

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities
  [KurdishVanilla CMS <= 1.0.1 (RootDirectory)
Remote file inclusion Vuln.]
  [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]
  [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure

From: Silitix <silitix_(at)_gmail.com>
Date: 24 июля 2006 г.
Subject: DotClear : Multiples Full Path Disclosure

# DotClear : Multiples Full Path Disclosure
# Discovred By Silitix - Silitix_gmail_com
# www.Silitix.com

A remote user can access the files directly to cause the system to display
an error message that indicates the full path of the server.

/ecrire/tools/blogroll/edit_cat.php
/ecrire/tools/blogroll/index.php
/ecrire/tools/blogroll/edit_link.php
/ecrire/tools/syslog/index.php
/ecrire/tools/thememng/index.php
/ecrire/tools/toolsmng/index.php
/ecrire/tools/utf8convert/index.php
/ecrire/inc/connexion.php
/inc/session.php
/inc/classes/class.blog.php
/inc/classes/class.blogcomment.php
/inc/classes/class.blogpost.php
/layout/append.php
/layout/class.xblog.php
/layout/class.xblogcomment.php
/layout/class.xblogpost.php
/themes/default/form.php
/themes/default/list.php
/themes/default/post.php
/themes/default/template.php

test server