Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13599
HistoryJul 24, 2006 - 12:00 a.m.

DotClear : Multiples Full Path Disclosure

2006-07-2400:00:00
vulners.com
43

DotClear : Multiples Full Path Disclosure

Discovred By Silitix - Silitix_gmail_com

www.Silitix.com

A remote user can access the files directly to cause the system to display
an error message that indicates the full path of the server.

/ecrire/tools/blogroll/edit_cat.php
/ecrire/tools/blogroll/index.php
/ecrire/tools/blogroll/edit_link.php
/ecrire/tools/syslog/index.php
/ecrire/tools/thememng/index.php
/ecrire/tools/toolsmng/index.php
/ecrire/tools/utf8convert/index.php
/ecrire/inc/connexion.php
/inc/session.php
/inc/classes/class.blog.php
/inc/classes/class.blogcomment.php
/inc/classes/class.blogpost.php
/layout/append.php
/layout/class.xblog.php
/layout/class.xblogcomment.php
/layout/class.xblogpost.php
/themes/default/form.php
/themes/default/list.php
/themes/default/post.php
/themes/default/template.php