ID de Prueba:	1.3.6.1.4.1.25623.1.0.10533
Categoría:	Remote file access
Título:	Web Shopper Remote File Retrieval Vulnerability - Active Check
Resumen:	Byte's Interactive Web Shopper; (shopper.cgi) allows for retrieval of arbitrary files from the web server.; Both Versions 1.0 and 2.0 are affected.;; Example: GET /cgi-bin/shopper.cgi?newpage=../../../../etc/passwd;; will return /etc/passwd.
Descripción:	Summary: Byte's Interactive Web Shopper (shopper.cgi) allows for retrieval of arbitrary files from the web server. Both Versions 1.0 and 2.0 are affected. Example: GET /cgi-bin/shopper.cgi?newpage=../../../../etc/passwd will return /etc/passwd. Solution: Uncomment the #$debug=1 variable in the script so that it will check for, and disallow, viewing of arbitrary files. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0922 BugTraq ID: 1776 http://www.securityfocus.com/bid/1776 Bugtraq: 20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html XForce ISS Database: web-shopper-directory-traversal(5351) https://exchange.xforce.ibmcloud.com/vulnerabilities/5351
Copyright	Copyright (C) 2000 Thomas Reinke

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.