Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Web languages(HTML, CSS, JS, jQuery, etc.)] MyBB 1.6.9 Directory Disclosure + PHP Error!
#1
This vulnerability usually only reveals the home directory and some other PHP crap, but if you're lucky, it will spill the beans and allow you to view directories.



http://hackforums.net/inc/3rdparty/diff/...reeWay.php
http://leakforums.org/inc/3rdparty/diff/...reeWay.php

Code:
/inc/3rdparty/diff/Diff/Engine/xdiff.php
/inc/3rdparty/diff/Diff/Engine/native.php
/inc/3rdparty/diff/Diff/ThreeWay.php
/inc/3rdparty/diff/Diff/Renderer.php
/inc/3rdparty/diff/Diff/Mapped.php

Also, the name "three way" is a little bit humorous. Tongue
Reply
#2
Lol nice one man :3 I didn't know this one
Reply
#3
Just a note to anyone seeing this, this can be fixed by denying access to /inc with htaccess.

To do that:
Put a file in the /inc directory named .htaccess
in the htaccess put
deny to alll

Test it by going to /inc the web browser, it should give a 403 error
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)