eStore 1.0.1/1.0.2 Settings.inc.PHP Path Disclosure Vulnerability

2003-07-17T00:00:00
ID EDB-ID:22925
Type exploitdb
Reporter Bosen
Modified 2003-07-17T00:00:00

Description

eStore 1.0.1/1.0.2 Settings.inc.PHP Path Disclosure Vulnerability. CVE-2003-0586. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8220/info

eStore is prone to a path disclosure vulnerability.

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

http://www.example.com/admin/settings.inc.php