X-Cart Information Disclosure Vulnerability

vendor:

X-Cart

by:

SecurityFocus

8.8

CVSS

HIGH

Information Disclosure

200

CWE

Product Name: X-Cart

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: N/A

CPE: a:x-cart:x-cart

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unknown

2002

X-Cart Information Disclosure Vulnerability

X-Cart is vulnerable to an information disclosure issue due to a failure of the application to sanitize values specified by parameters in the URI. This issue has been reported to affect the 'auth.php' and 'general.php' scripts. By setting the 'mode' URI parameter to request information on the current PHP and Perl software versions, attackers can gain access to sensitive system details. Additionally, the 'config[General][shop_closed]' and 'shop_closed_file' parameters can be set to view any web server readable files on the affected system.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9563/info

X-Cart has been reported to be prone to an issue that may allow remote attackers to view any web server readable files on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI. This issue has been reported to affect the 'auth.php' script.

It has been reported that there is also an information disclosure issue with the 'general.php' script that resides in the 'admin' directory of the application. The 'mode' URI parameter can be set to request information on the current PHP and Perl software versions, allowing potential attackers the gain access to sensitive system details. 

http://servername/customer/auth.php?config[General][shop_closed]=Y&shop_closed_file=../../../../../../../etc/passwd