Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Aardvark Topsites PHP Directory Disclosure Vulnerability
From: DoZ () HackersCenter com
Date: 2 May 2007 23:08:38 -0000
Aardvark Topsites PHP Directory Disclosure Vulnerability


Aardvark Topsites PHP is the premier free PHP/MySQL topsites script. An attacker can see what files are in the 
Directory. Knowing what is there to be executed can allow for more targeted and intelligent attacks against PHP Files 
known to be vulnerable listed there. A successful attack could allow an attacker to compromise the application, access 
or modify data, or exploit vulnerabilities in the underlying database implementation.



Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Remote: YES
Class: Improper Instalation configuration.



Vendor: http://www.aardvarktopsitesphp.com

Version: 5.1.2 and Previous versions!




* Attackers can exploit these issues via a web client.


Exploit:

http://www.site.com/topsites/sources/

http://www.site.com/sources/


Proff of Concept: http://i17.tinypic.com/646pvtg.jpg



Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

  By Date           By Thread  

Current thread:
  • Aardvark Topsites PHP Directory Disclosure Vulnerability DoZ (May 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]