Family: Remote file access --> Category: infos
eXtropia Web Store remote file retrieval Vulnerability Scan
Vulnerability Scan Summary: eXtropia Web Store remote file retrieval
Detailed Explanation for this Vulnerability Test
eXtropia's Web Store shopping cart
program allows remote retrieval of any file
that ends in a .html extension. Further, by supplying
a URL with an embedded null byte, the script can be made
to retrieve any file at all.
Example:
GET /cgi-bin/Web_Store/web_store.cgi?page=../../../../etc/passwd%00.html
will return /etc/passwd.
Solution: None available at this time
Threat Level: High