vendor: Web Shopper
by: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 22 (Path Traversal)
Product Name: Web Shopper
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Bytes Interactive Web Shopper Path Traversal Vulnerability

Bytes Interactive Web Shopper is an XML-based shopping cart application. The application does not properly check the 'newpage' variable for insecure relative paths such as the double dot '..'. The following URL request: http://target/cgi-bin/shopper.cgi?newpage=../../../path/filename.ext will yield the file specified. Successful exploitation could give a remote intruder read access to any known file.

Mitigation:

Validate user input, in particular the 'newpage' variable, so that the application is not vulnerable to path traversal attacks.
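
One way to apply this validation to a parameter like 'newpage', shown as an added example (not code from Web Shopper or from the advisory). The page root, file names and sample values are constructed, and `resolve_page` and `UnsafePath` are hypothetical names; the check canonicalizes the requested path and accepts it only if it still lies under the page root.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a requested page would resolve outside the page root."""

def resolve_page(page_root, newpage):
    """Map the untrusted 'newpage' value to a file under page_root, or raise."""
    if not newpage or "\x00" in newpage:
        raise UnsafePath("empty value or NUL byte")
    # Treat backslashes as separators too, so '..\\..' is handled like '../..'.
    candidate = newpage.replace("\\", "/")
    if candidate.startswith("/") or os.path.isabs(candidate):
        raise UnsafePath("absolute path")
    root = os.path.realpath(page_root)
    # realpath collapses '..' and follows symlinks before the containment check.
    target = os.path.realpath(os.path.join(root, candidate))
    if os.path.commonpath([root, target]) != root:
        raise UnsafePath("resolves outside page root")
    if not os.path.isfile(target):
        raise UnsafePath("not a regular file")
    return target

def demo():
    """Build a constructed page root and classify sample 'newpage' values."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "pages")  # hypothetical page root
        os.makedirs(os.path.join(root, "catalog"))
        with open(os.path.join(root, "catalog", "index.xml"), "w") as fh:
            fh.write("<page/>")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside the root")
        samples = ["catalog/index.xml", "../secret.txt",
                   "catalog/../../secret.txt", "/etc/passwd",
                   "catalog/index.xml\x00.html", "catalog"]
        for value in samples:
            try:
                resolve_page(root, value)
                results[value] = "served"
            except UnsafePath as exc:
                results[value] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for value, outcome in demo().items():
        print(repr(value), "->", outcome)
```

Checking the canonical path against the root, rather than searching the raw string for '..', also covers symlinks and mixed separators that a substring filter misses.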
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1776/info

Bytes Interactive Web Shopper is an XML-based shopping cart application.

The "newpage" variable does not properly check for insecure relative paths such as the double dot "..". 

The following URL request:

http://target/cgi-bin/shopper.cgi?newpage=../../../path/filename.ext

will yield the file specified.

Successful exploitation could lead to a remote intruder gaining read access to any known file.