Advanced Poll 2.0 - Remote Information Disclosure

EDB-ID:

22412


Author:

subj

Type:

webapps


Platform:

PHP

Date:

2003-03-22


source: https://www.securityfocus.com/bid/7171/info

It has been reported that an information disclosure vulnerability exists in Advanced Poll. Because of this, a remote user to potentially access privileged information that could lead to further attack against the host and it's users.

http://www.example.com/[poll_dir]/db/info.php
http://www.example.com/[poll_dir]/textfile/info.php