WebTrends Reporting Center Path Disclosure vulnerability
========================================================


Problem:
========
WebTrends Reporting Center is administrated via a web interface.

It seems to be possible to disclose the physical path to the application. This
information could be useful to a malicious user wishing to gain
illegal access to resources on the server.

Vulnerable:
===========
WebTrends Reporting Center- Enterprise Edition

Version: 6.1a
Platform: win32
Built: 7591

Exploiting:
===========
http://server:1099/viewreport.pl?profileid=dontexist
(see http://www.oliverkarow.de/research/WT.jpg )

Product Description
===================
See www.webtrends.com for more information :)

Vendor status
=============
Vendor was informed on 05/january/2004, and acknowledged the receiption of the message....thats all :(

Author:
=======
www.oliverkarow.de