Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: e-commerce, shopping carts :: bt847.txt

geeeekShop Shopping Cart Path Disclosure

ZH2003-17SA (security advisory): geeeekShop Shopping Cart Path Disclosure

Published: 9 august 2003

Released: 9 august 2003

Name: geeeekShop Shopping Cart System 

Affected Systems: 1.4.0

Issue: Remote attackers can know the path of the site





Zone-h Security Team has discovered a flaw in geeeekShop Shopping Cart

v1.4.0. "geeeekShop is a PHP / MySQL based shopping cart system that is 

easy enough for somebody who is new to the internet but powerful enough 

for the seasoned veteran."




It's possible to make a malformed http request for many files in

geeeekShop Shopping Cart and in doing so trigger an error. 

The resulting error message will disclose potentially sensitive 


path information to the remote attacker.


If we do a simple http request for many files in geeeekShop Shopping Cart 


will have the same problem.




The vendor has been contacted and a patch is not yet produced.



Filter all files. 

G00db0y - admin

Original advisory here:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH