https://www.exploit-db.com/exploits/22925
https://www.securityfocus.com/bid/87452
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-084

BrookyeStore1.0.1版本到1.0.2b版本存在漏洞。远程攻击者可以借助settings.inc.php的直接HTTP请求获得敏感路径信息。

source: http://www.securityfocus.com/bid/8220/info

eStore is prone to a path disclosure vulnerability.

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

http://www.example.com/admin/settings.inc.php

Brooky Estore 1.0.2b

来源:BUGTRAQ
名称:20030717eStoreSQLInjectionVulnerability&PathDisclosure;
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105845898003616&w;=2