Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability

2003-10-20T00:00:00
ID EDB-ID:23266
Type exploitdb
Reporter Dr`Ponidi
Modified 2003-10-20T00:00:00

Description

Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability. CVE-2003-1517. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/8860/info

Dansie Shopping Cart is reported to be prone to path disclosre issue in the 'db' parameter of 'cart.pl' that may lead to an attacker gaining sensitive information about the installation path of the system.

Information gained by exploiting this attack may aid an attacker in launching further attacks against a vulnerable system.

http://www.example.com/cgi-bin/cart.pl?db='