CommerceSQL Shopping Cart 2.2 – ‘index.cgi’ Directory Traversal

CommerceSQL Shopping Cart 2.2 – ‘index.cgi’ Directory Traversal

漏洞ID 1054266 漏洞类型
发布时间 2003-11-24 更新时间 2003-11-24
图片[1]-CommerceSQL Shopping Cart 2.2 – ‘index.cgi’ Directory Traversal-安全小百科CVE编号 N/A
图片[2]-CommerceSQL Shopping Cart 2.2 – ‘index.cgi’ Directory Traversal-安全小百科CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23395
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9094/info

It has been reported that CommerceSQL may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An attacker may traverse outside the server root directory by using '../' character sequences. 

index.cgi?page=../../../../../../../../etc/passwd

相关推荐: GNU Ffingerd 1.19 – ‘Username’ Validity Disclosure

GNU Ffingerd 1.19 – ‘Username’ Validity Disclosure 漏洞ID 1105520 漏洞类型 发布时间 1999-08-23 更新时间 1999-08-23 CVE编号 CVE-1999-0492 CNNVD-ID …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享