DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)

2001-06-18T00:00:00
ID EXPLOITPACK:8B9B8039B97C571F61DD02E93B19C36F
Type exploitpack
Reporter Peter Helms
Modified 2001-06-18T00:00:00

Description

DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)

                                        
                                            source: https://www.securityfocus.com/bid/2889/info

DCShop is a GCI-based ecommerce system from DCScripts.

Under certain configurations, a beta version of this product can allow a remote user to request and obtain files containing confidential order data, including credit card and other private customer information, as well as the DCShop admnistrator login ID and password. 

http://theTargetHost/cgi-bin/DCShop/Orders/orders.txt