There is a full path disclosure in .jbf files. This is not a problem when used on a standalone pc, but it does become information disclosure when uploaded / used on a webserver...
GOogle: ext:jbf jbf
Results 1 - 100 of about 8,230
Or: JASC BROWS FILE ext:jbf jbf
The first line of this file says "JASC BROWS FILE"
The second line of this file has the path info..
Example 1:
JASC BROWS FILE
\\File_server\WebSite\images\3D
Example 2:
JASC BROWS FILE
U:\u50_5\alephe\www_ned\icon\UBU05
Example 3:
JASC BROWS FILE
Z:\www
No comments:
Post a Comment