Home page logo

bugtraq logo Bugtraq mailing list archives

ZH2003-18SA (security advisory): News Wizard Path Disclosure
From: G00db0y <G00db0y () zone-h org>
Date: 10 Aug 2003 16:05:09 -0000

ZH2003-18SA (security advisory): News Wizard Path Disclosure

Published: 10 august 2003

Released: 10 august 2003

Name: News Wizard

Affected Systems: 2.0

Issue: Remote attackers can know the path of the site

Author: G00db0y () zone-h org

Vendor: http://www.imediasoftware.com/products/newswizard/



Zone-h Security Team has discovered a flaw in News Wizard v2.0 (and older
versions?) With News Wizard 2can you create, update and delete your news 
articles right from your web browser."


It's possible to make a malformed http request in News Wizard and in doing 
trigger an error. The resulting error message will disclose potentially 
installation path information to the remote attacker.





The vendor has been contacted and a patch is not yet produced.



Filter all files. 

G00db0y - www.zone-h.org admin

Original advisory here: http://www.zone-h.org/en/advisories/read/id=2862/

  By Date           By Thread  

Current thread:
  • ZH2003-18SA (security advisory): News Wizard Path Disclosure G00db0y (Aug 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]