Vulners
Lucene search
happymall-adv.txt
`Happymall E-Commerce Directory Transversal Bug and Cross-site scripting
Vendor: Happycgi.com
Product: Happymall
Versions: 4.3, 4.4 (patched version too)
'normal_html.cgi' doesn't filter user-supplied input. The well-known directory transversal
and cross-site scripting (XSS) vulnerabilities are present in Happymall (patched version too).
The impact is that attackers can read files on the system and use XSS tricks to steal
cookies and other informations.
An example: /shop/normal_html.cgi?file=../../../../../../etc/issue%00
/shop/normal_html.cgi?file=<script>alert("XSS")</script>
Even happycgi.com is vulnerable to these bugs.
Solution: I have contacted CERTCC-KR.
Greetings: y0Rk, iplogd, rfds, VUGO, psaux, romer, cronus, Sh0dan, jo3y_, psyc, Red_Hat
BoLoDoRio, c7g, C0VER, SaintsLD, sarkastics, B_Real and #xcorp @ BRASNet :)
Julio "e2fsck" Cesar, <[email protected]>
e2fsck @ irc.brasnet.org
san dimas high school football rules`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 May 2003 00:00Current
7.4High risk
Vulners AI Score7.4