|Category:||Remote file access|
|Title:||eXtropia Web Store remote file retrieval|
|Summary:||eXtropia's Web Store shopping cart program allows the remote; file retrieval of any file that ends in a .html extension. Further, by supplying a URL with an; embedded null byte, the script can be made to retrieve any file at all.|
eXtropia's Web Store shopping cart program allows the remote
file retrieval of any file that ends in a .html extension. Further, by supplying a URL with an
embedded null byte, the script can be made to retrieve any file at all.
No known solution was made available for at least one year since the
disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to
upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
BugTraq ID: 1774|
Common Vulnerability Exposure (CVE) ID: CVE-2000-1005
Bugtraq: 20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability (Google Search)
XForce ISS Database: extropia-webstore-fileread(5347)
|Copyright||Copyright (C) 2000 Thomas Reinke|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.