[From nobody Mon May  7 09:20:05 2007
Return-Path: &lt;cyrus@fezzik&gt;
Received: from fezzik ([unix socket]) (authenticated user=mailinglists bits=0)
	by fezzik (Cyrus v2.1.18-IPv6-Debian-2.1.18-1) with LMTP;
	Thu, 03 May 2007 02:13:58 +0300
X-Sieve: CMU Sieve 2.2
Return-Path: &lt;DoZ@hackerscenter.com&gt;
Received: from houseofcards.securiteam.com (securiteam.com [192.117.232.213])
	by fezzik.beyondsecurity.com (Postfix) with SMTP id 39A882080AB
	for &lt;news@mail.beyondsecurity.com&gt;;
	Thu,  3 May 2007 02:13:55 +0300 (IDT)
Received: (qmail 25184 invoked by uid 501); 2 May 2007 23:13:23 -0000
Delivered-To: aviram-securiteam-news@securiteam.com
Received: (qmail 25180 invoked from network); 2 May 2007 23:13:22 -0000
Received: from mail.hackerscenter.com (64.22.88.14)
	by 0 with SMTP; 2 May 2007 23:13:22 -0000
Received: from localhost ([127.0.0.1]) by home with MailEnable ESMTP;
	Wed, 02 May 2007 19:14:44 -0400
Received: from 66.67.116.12 ([66.67.116.12]) by webmail.hackerscenter.com
	(Horde MIME library) with HTTP; Wed, 02 May 2007 19:14:44 -0400
Message-ID: &lt;20070502191444.favhpobvackc0so4@webmail.hackerscenter.com&gt;
Date: Wed, 02 May 2007 19:14:44 -0400
From: DoZ@hackerscenter.com
To: news@securiteam.com
Subject: Aardvark Topsites PHP Directory Disclosure Vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; DelSp=&quot;Yes&quot;; format=&quot;flowed&quot;
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Internet Messaging Program (IMP) H3 (4.1.3)
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on fezzik
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=6.0 tests=BAYES_40,NO_REAL_NAME 
	autolearn=no version=3.0.3
X-UID: 28381
X-Length: 2866

  Aardvark Topsites PHP Directory Disclosure Vulnerability


Aardvark Topsites PHP is the premier free PHP/MySQL topsites script. =20
An attacker can see what files are in the Directory. Knowing what is =20
there to be executed can allow for more targeted and intelligent =20
attacks against PHP Files known to be vulnerable listed there. A =20
successful attack could allow an attacker to compromise the =20
application, access or modify data, or exploit vulnerabilities in the =20
underlying database implementation.


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz


Remote: YES
Class: Improper Instalation configuration.


Vendor: http://www.aardvarktopsitesphp.com

Version: 5.1.2 and Previous versions!


* Attackers can exploit these issues via a web client.


Exploit:

http://www.site.com/topsites/sources/

http://www.site.com/sources/


Proff of Concept: http://i17.tinypic.com/646pvtg.jpg


Security researcher? Join us: mail Zinho at zinho at hackerscenter.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


]