

CommerceSQL Remote File Read Vulnerability

The CommerceSQL shopping cart allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd).

By using a prepared GET page variable, a user can read remote files.


A request for index.cgi?page=../../../../../../../../etc/passwd puts your /etc/passwd on the screen of a potential attacker.
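
One way to confine the page parameter to a fixed page directory, shown next to an unchecked join that yields the behaviour described above. This is an added example, not CommerceSQL code and not part of the original advisory; the function names, the `pages` directory and `home.html` are hypothetical, and a POSIX filesystem is assumed.

```python
import os
import tempfile

class PageNotAllowed(Exception):
    """Raised when the requested page resolves outside the page directory."""

def naive_page_path(page_root, page):
    # Hypothetical pattern that produces the reported behaviour: the
    # parameter is joined to a directory and opened without any check.
    return os.path.normpath(os.path.join(page_root, page))

def safe_page_path(page_root, page):
    """Return the real path of `page` only if it stays under page_root."""
    if not page or "\x00" in page:
        raise PageNotAllowed("empty value or NUL byte")
    root = os.path.realpath(page_root)
    # realpath collapses ../ sequences and follows symlinks, so the
    # comparison below is made on the file that would really be opened.
    candidate = os.path.realpath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        raise PageNotAllowed("resolves outside page root")
    if not os.path.isfile(candidate):
        raise PageNotAllowed("no such page")
    return candidate

def demo():
    """Build a constructed page directory and run both resolvers on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "pages")
        os.mkdir(root)
        with open(os.path.join(root, "home.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        traversal = "../../../../../../../../etc/passwd"  # value from the advisory
        results = {"naive": naive_page_path(root, traversal)}
        for name, value in (("ok", "home.html"), ("dotdot", traversal),
                            ("absolute", "/etc/passwd")):
            try:
                safe_page_path(root, value)
                results[name] = "served"
            except PageNotAllowed as exc:
                results[name] = "rejected: %s" % exc
        return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The check runs on the resolved path rather than on the raw string, so it does not depend on spotting particular `../` spellings in the input.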


* All CommerceSQL Shopping Cart Versions


* Not needed


* Not yet available


Mariusz "Craig" Cieśla  

getNet network administrator / security consultant
