MyBB 1.6.9 full path disclosure

[Nytro]

[h=2]MyBB 1.6.9 full path disclosure[/h]

MyBB has released its update on 15th December. MyBB 1.6.9 is still affected with full path disclosure vulnerablity

author : cyb3rboy
website: freemium-devils.in
code104.net

greetz cyberace, ketan , shubham , S3v3n , th3 d3stroyer , amol

the following path was found vulnerable to full path disclosure

/inc/3rdparty/diff/Diff/Engine/xdiff.php
/inc/3rdparty/diff/Diff/Engine/native.php
/inc/3rdparty/diff/Diff/ThreeWay.php
/inc/3rdparty/diff/Diff/Renderer.php
/inc/3rdparty/diff/Diff/Mapped.php

http://netsoccer.eu/forum/inc/3rdparty/diff/Diff/Engine/xdiff.php
http://netsoccer.eu/forum/inc/3rdparty/diff/Diff/Engine/native.php
http://netsoccer.eu/forum//inc/3rdparty/diff/Diff/ThreeWay.php
http://netsoccer.eu/forum/inc/3rdparty/diff/Diff/Renderer.php
http://netsoccer.eu/forum/inc/3rdparty/diff/Diff/Mapped.php

http://shark007.net/forum/inc/3rdparty/diff/Diff/ThreeWay.php
http://shark007.net/forum//inc/3rdparty/diff/Diff/Mapped.php

http://www.mybbgm.com/inc/3rdparty/diff/Diff/Mapped.php
http://www.mybbgm.com/inc/3rdparty/diff/Diff/ThreeWay.php

# 1337day.com [2012-12-20]

Sursa: 1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team