Info

Disclosure

Mar 19, 2005

Discovery

Unknown

Dates

Exploit

Mar 19, 2005

Solution

Unknown

Description

E-Xoops contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker invokes highlight.php to view the source code of mainfile.php, which will disclose database connection information, including the password resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

E-Xoops

1.05 Rev3

References

Security Tracker: 1013485
Bugtraq ID: 12848
Secunia Advisory ID: 14641 14648
ISS X-Force ID: 19754
CVE ID: 2005-0828 (see also: NVD)
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111117241923006&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=111125645312693&w=2
Vendor URL: http://www.e-xoops.com
http://www.runcms.org
Other Advisory URL: http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf

Credit

NT - Iran Hackers Sabotage

Direct URL: http://osvdb.org/14890