YourFreeWorld tr1.php path disclosure
| yourfreeworld-tr1-path-disclosure (26571) |  Low Risk |
Description:
YourFreeWorld Stylish Text Ads Script could allow a remote attacker to obtain the full installation path. A remote attacker could send specially-crafted URL request to the tr1.php script to cause the system to return an error that displays the full installation path for YourFreeWorld. An attacker could use this information to launch further attacks against the affected system.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- Bugtraq Mailing List, Thu May 18 2006 - 22:24:48 CDT : Yourfreeworld Styleish Text Ads Script.
- YourFreeWorld.com Web site: YourFreeWorld.com - Taking Care of Business.
- CVE-2006-6461: tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508.
Platforms Affected:
- YourFreeWorld Stylish Text Ads Script
Reported:
May 18, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net