|
Family: CGI abuses --> Category: infos
BBS E-Market File Disclosure Vulnerability Scan
Vulnerability Scan Summary Directory Traversal Attempt
Detailed Explanation for this Vulnerability Test
The remote host is running BBS E-Market Professional, a Korean Web-Based
e-commerce application written in PHP.
There is a flaw in the remote version of this software which may allow
a possible hacker to read arbitrary files on the remote host with the
rights of the HTTP daemon by making the following request :
http://www.example.com/bemarket/shop/index.php?pargeurl=viewpage&filename=../../etc/passwd
Solution : Upgrade to version 1.4.0 of this software
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|