Brooky eStore 敏感信息获得漏洞

19次阅读
没有评论

Brooky eStore 敏感信息获得漏洞

漏洞ID 1107419 漏洞类型 未知
发布时间 2003-07-17 更新时间 2003-08-18
Brooky eStore 敏感信息获得漏洞CVE编号 CVE-2003-0586
Brooky eStore 敏感信息获得漏洞CNNVD-ID CNNVD-200308-084
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/22925
https://www.securityfocus.com/bid/87452
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-084
|漏洞详情
BrookyeStore1.0.1版本到1.0.2b版本存在漏洞。远程攻击者可以借助settings.inc.php的直接HTTP请求获得敏感路径信息。
|漏洞EXP
source: http://www.securityfocus.com/bid/8220/info

eStore is prone to a path disclosure vulnerability.

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

http://www.example.com/admin/settings.inc.php
|受影响的产品
Brooky Estore 1.0.2b
|参考资料

来源:BUGTRAQ
名称:20030717eStoreSQLInjectionVulnerability&PathDisclosure;
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105845898003616&w;=2

相关推荐: Sun JDK/JRE Disallowed Class Loading Vulnerability

Sun JDK/JRE Disallowed Class Loading Vulnerability 漏洞ID 1103602 漏洞类型 Design Error 发布时间 2000-11-29 更新时间 2000-11-29 CVE编号 N/A CNNVD-…

正文完
 0