Brooky eStore 敏感信息获得漏洞-安全小百科

Brooky eStore 敏感信息获得漏洞

漏洞ID	1107419	漏洞类型	未知
发布时间	2003-07-17	更新时间	2003-08-18
CVE编号	CVE-2003-0586	CNNVD-ID	CNNVD-200308-084
漏洞平台	PHP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/22925
https://www.securityfocus.com/bid/87452
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-084

|漏洞详情

BrookyeStore1.0.1版本到1.0.2b版本存在漏洞。远程攻击者可以借助settings.inc.php的直接HTTP请求获得敏感路径信息。

|漏洞EXP

source: http://www.securityfocus.com/bid/8220/info

eStore is prone to a path disclosure vulnerability.

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

http://www.example.com/admin/settings.inc.php

|受影响的产品

Brooky Estore 1.0.2b

|参考资料

来源:BUGTRAQ
名称:20030717eStoreSQLInjectionVulnerability&PathDisclosure;
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=105845898003616&w;=2

相关推荐: Sun JDK/JRE Disallowed Class Loading Vulnerability

Sun JDK/JRE Disallowed Class Loading Vulnerability 漏洞ID 1103602 漏洞类型 Design Error 发布时间 2000-11-29 更新时间 2000-11-29 CVE编号 N/A CNNVD-…

文章版权归作者所有，未经允许请勿转载。

THE END