Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16922
HistoryMay 03, 2007 - 12:00 a.m.

Aardvark Topsites PHP Directory Disclosure Vulnerability

2007-05-0300:00:00
vulners.com
19
JSON

Aardvark Topsites PHP Directory Disclosure Vulnerability

Aardvark Topsites PHP is the premier free PHP/MySQL topsites script. An attacker can see what files are in the Directory. Knowing what is there to be executed can allow for more targeted and intelligent attacks against PHP Files known to be vulnerable listed there. A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Remote: YES
Class: Improper Instalation configuration.

Vendor: http://www.aardvarktopsitesphp.com

Version: 5.1.2 and Previous versions!

  • Attackers can exploit these issues via a web client.

Exploit:

http://www.site.com/topsites/sources/

http://www.site.com/sources/

Proff of Concept: http://i17.tinypic.com/646pvtg.jpg

Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

JSON