SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   MercuryBoard
Vendors:   mercuryboard.com
MercuryBoard 'debug' Mode Discloses Information to Remote Users
SecurityTracker Alert ID:  1013626
SecurityTracker URL:  http://securitytracker.com/id/1013626
CVE Reference:   CVE-2005-0460
Date:  Apr 2 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0.x; 1.1 - 1.1.2
Description:   In February 2005, Lostmon reported a vulnerability in MercuryBoard's debug mode. A remote user can determine information about the system.

A remote user can append '\&debug=1' or '&debug=1' to a URL to cause the system to disclose potentially sensitive information, including the SQL queries, the files used, the templates used, and the installation path.

Some demonstration exploit URLs are provided:

http://[target]/index.php?a=forum&f=\&debug=1
http://[target]/index.php?a=\&debug=1
http://[target]/index.php?a=&debug=1
http://[target]/index.php?a=forum&debug=1
http://[target]/index.php?c=&debug=1

The vendor was notified in February 2005.

Impact:   A remote user can determine potentially sensitive information, including SQL queries, files used, templates used, and the installation path.
Solution:   The vendor has released a fixed version (1.1.3), available at:

http://www.mercuryboard.com/index.php?a=downloads

Vendor URL:  www.mercuryboard.com/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
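
To check whether an installation was probed as described above, search the web server's access log for requests to index.php that carry a `debug` query parameter. The Python below is an added example, not part of the advisory or of MercuryBoard; the log lines are constructed, the "combined" log format is assumed, and reading a 2xx status as "debug output was probably served" is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2005:10:01:02 +0000] "GET /index.php?a=forum&f=%5C&debug=1 HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Feb/2005:10:01:09 +0000] "GET /index.php?a=&debug=1 HTTP/1.1" 200 17410 "-" "Mozilla/5.0"
198.51.100.4 - - [14/Feb/2005:10:02:11 +0000] "GET /index.php?a=forum&f=3 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.15 - - [14/Feb/2005:10:04:00 +0000] "GET /index.php?a=search&q=debug%3D1 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
192.0.2.15 - - [14/Feb/2005:10:05:00 +0000] "GET /index.php?a=forum&debug=1 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
"""

# ip, timestamp, method, request target and status from one combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_debug_requests(log_text):
    """Return (ip, timestamp, status, target) for index.php requests with a debug parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        parts = urlsplit(m["target"])
        if not parts.path.endswith("index.php"):
            continue
        # Decode the query so 'debug' is matched as a parameter name only,
        # not as text inside another parameter's value (e.g. q=debug%3D1).
        params = parse_qsl(parts.query, keep_blank_values=True)
        if any(name == "debug" for name, _value in params):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["target"]))
    return hits


def served_by_client(hits):
    """Count flagged requests answered with 2xx, per client IP (assumed to have received debug output)."""
    return dict(Counter(ip for ip, _ts, status, _target in hits if 200 <= status < 300))


if __name__ == "__main__":
    found = find_debug_requests(SAMPLE_LOG)
    for ip, ts, status, target in found:
        print(f"{ts}  {ip}  {status}  {target}")
    print("2xx responses per client:", served_by_client(found))
```
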


 Source Message Contents

Subject:  Mercuryboard debug information disclosure


################################################
Mercuryboard 1.0.x & 1.1.x debug information disclosure
vendor url: http://www.mercuryboard.com
advisory: http://lostmon.blogspot.com/2005/02/mercuryboard-debug-information.html
exploit available: yes vendor: emailed
################################################


MercuryBoard is a powerful message board system dedicated to raw speed
with a mixture of features, ease of use, and ease of customization
coupled with expandability, and diverse language services


Mercuryboard contains a flaw that may lead to an unauthorized
information disclosure.  The issue is triggered when any user
manipulates the inputs in the URL and adds \&debug=1 to the URL or
concatenates &debug=1, which will disclose all SQL queries, all
files in use, the path, and what templates are used,
resulting in a loss of confidentiality.

affected versions:

1.0.x
1.1.x


Proof  of concept 

http://[target]/index.php?a=forum&f=\&debug=1  
http://[target]/index.php?a=\&debug=1
http://[target]/index.php?a=&debug=1
http://[target]/index.php?a=forum&debug=1
http://[target]/index.php?c=&debug=1

impact:

Loss of confidentiality
Information disclosure
path disclosure
input manipulation.

solution:

Currently, there are no known upgrades, patches, or workarounds
available to correct this issue.


release time :

discovered :     2005-02-13 
Email to vendor: 2005-02-13
disclosure date: 2005-02-14

Sincerely:

Lostmon (lostmon@gmail.com)

Thanks to estrella, I love you a lot :P
Thanks to all for the support.



http://Lostmon.blogsport.com/

Data Mangler of http://www.osvdb.org
-- 
Curiosity is what makes the mind move....
 
 



Copyright 2019, SecurityGlobal.net LLC