For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
[Patch] IPB < 3.4.2 Full Path Disclosure (ASCII) [Patch]
03-16-2013, 08:49 PM,
Post: #1
Hello friends..
Today I will tell you how to secure your IPB 3.4.2 < versions from Full Path Disclosure..

# Vulnerability: Full Path Disclosure
# Solution: Upgrade to version 3.4.3

# But no need to upgrade in this tut :P



It works on v.3.4.2 and less.
Will be patched in v.3.4.3.

To reproduce this issue do this:
Hidden Content:
You must reply to see links
[]=date&search_term=trolololo

The guilty variable is 'search_app_filters', which waits to receive a doubled array ([forums][sortKey]).
If it doesn't get it correctly then errors with Full Path show up.

A normal request would look like this:

Hidden Content:
You must reply to see links
[forums][sortKey]=date&search_term=trolololo



#How To Secure : Open your cpanel > Open file manager > Open Forum root folder

#Make a new file as "php.ini"

#Open php.ini in a text editor

# paste this command

display_errors = Off

#Save and close.

Bingo, your vulnerability is patched :)

Thanks for reading my tut...
In the next tut I will tell you "How to secure your forum from server rooting"..

Need help? Just ping me Blackhat
Jabber : c0defire@xmpp.jp
ICQ : 701491310
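
Added example, not part of the original post: a small Python check that scans a response body for PHP error output that still leaks a filesystem path, so you can confirm that display_errors = Off actually took effect. The sample bodies, messages and paths are constructed, and find_path_leaks is a hypothetical helper name.

```python
import re
from html import unescape

# With display_errors on, PHP prints errors into the page as
#   <b>Warning</b>:  message in <b>/full/path/file.php</b> on line <b>N</b>
# (or the same text without tags when html_errors is off).
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated|Strict Standards)"
    r":\s+(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?)"      # absolute Unix or Windows path
    r"\s+on line\s+(?P<line>\d+)",
    re.S,
)

def find_path_leaks(body):
    """Return (level, path, line) for every PHP error in body that shows a full path."""
    text = unescape(_TAGS.sub("", body))       # drop markup, decode entities
    return [(m["level"], m["path"], int(m["line"]))
            for m in _PHP_ERROR.finditer(text)]

# Constructed sample responses (not captured from a real forum).
LEAKY_HTML = (
    "<br />\n<b>Warning</b>:  Illegal offset type in "
    "<b>/home/example/public_html/forum/sample.php</b> on line <b>42</b><br />"
)
LEAKY_PLAIN_WINDOWS = (
    r"Notice: Undefined index: sortKey in C:\inetpub\forum\sample.php on line 7"
)
CLEAN_HTML = "<html><body><p>No results found for trolololo in forums.</p></body></html>"

if __name__ == "__main__":
    for name, body in [("leaky html", LEAKY_HTML),
                       ("leaky plain", LEAKY_PLAIN_WINDOWS),
                       ("clean", CLEAN_HTML)]:
        leaks = find_path_leaks(body)
        print(name, "->", leaks if leaks else "no path disclosure found")
```

Whether a php.ini placed in the forum root is read at all depends on how the host runs PHP, so run a check like this against your own forum's response after the change instead of assuming the setting applied.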

03-15-2019, 05:27 AM,
Post: #2
RE: [Patch] IPB < 3.4.2 Full Path Disclosure (ASCII) [Patch]
It's great, thank you bro!!
All rights reserved © 2012-2015 OffensiveCommunity, Designed at WallBB Co Uk
Powered By MyBB, © 2002-2019 MyBB Group.