<<< Date Index >>>     <<< Thread Index >>>

Vulnerability: Bitrix Web Server Paths



Vendor: Bitrix
Product:Bitrix Site Manager 4.0.x

Consequences: Web server paths
Risk: Minimal

Description: during executions of
http://host/bitrix/templates/.default/subscribe/subscr_form.php
http://host /bitrix/php_interface/dbquery_error.php
there got an erros which is causing web server internal path information 
availability

Google search: inurl: /bitrix/ 

Discoveried By D_BuG d_bug@xxxxx
NemesisSecurityTeam
http://nemesisoftware.com/

CheckZond free v. 1.0 http://nemesisoftware.com/products.htm
uses the vulnerabilities above for automatic vulnerabilities search (Google 
Hacking technique) and usage.

-- 
Best regards,
 D_BuG                          mailto:d_bug@xxxxx