Vulners
Lucene search
extropia webstore 1.0/2.0 - Directory Traversal
source: https://www.securityfocus.com/bid/1774/info
Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript.
The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used.
For example if the following URL was requested, the file in question would not be delivered to the user:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename.ext
However, by using the escaped character "%00", the requested file would be accessed successfully:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
Successful exploitation could lead to a remote intruder gaining read access to any known file.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Oct 2000 00:00Current
7.4High risk
Vulners AI Score7.4