Forum51/Board51/News51 Users Disclosure

medium Nessus Plugin ID 11796

Synopsis

A web application running on the remote host has an information disclosure vulnerability.

Description

The remote web server is running a bulletin board application (Forum51, Board51, or News51) with an information disclosure vulnerability. It is possible to retrieve usernames and password hashes by requesting '/data/user.idx'. A remote attacker could use this information to mount further attacks.

Solution

Restrict public access to the '/data' directory.

See Also

http://www.nessus.org/u?ca8aee52

Plugin Details

Severity: Medium

ID: 11796

File Name: forum51_user_disclosure.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 7/21/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/8/2003

Reference Information

BID: 8126, 8127, 8128

Secunia: 9253