Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: bt836.txt

C-Cart Shopping Cart Path Disclosure

ZH2003-16SA (security advisory): C-Cart Shopping Cart Path Disclosure

Published: 8 august 2003

Released: 8 august 2003

Name: C-Cart 

Affected Systems: 1.0

Issue: Remote attackers can know the path of the site





Zone-h Security Team has discovered a flaw in C-Cart Shopping Cart

v1.0. C-Cart is "a powerful yet simple shopping cart written in PHP 

with a MySQL database to store the product details".




It's possible to make a malformed http request for many files in

C-Cart Shopping Cart and in doing so trigger an error. 

The resulting error message will disclose potentially sensitive 


path information to the remote attacker.




The vendor has been contacted and a patch is not yet produced.



Filter all files. 

G00db0y - admin

Original advisory here:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH