happymall-adv.txt

Date: 15 May 2003 | Reported by: e2fsck | Type: packetstorm | Source: packetstormsecurity.com

Happymall has directory traversal and XSS vulnerabilities affecting versions 4.3 and 4.4.

`Happymall E-Commerce Directory Traversal Bug and Cross-site scripting  
  
Vendor: Happycgi.com  
  
Product: Happymall  
  
Versions: 4.3, 4.4 (patched version too)  
  
'normal_html.cgi' doesn't filter user-supplied input. The well-known directory traversal  
and cross-site scripting (XSS) vulnerabilities are present in Happymall (patched version too).  
  
The impact is that attackers can read files on the system and use XSS tricks to steal  
cookies and other information.  
  
An example: /shop/normal_html.cgi?file=../../../../../../etc/issue%00  
/shop/normal_html.cgi?file=<script>alert("XSS")</script>  
  
Even happycgi.com is vulnerable to these bugs.  
  
Solution: I have contacted CERTCC-KR.  
  
Greetings: y0Rk, iplogd, rfds, VUGO, psaux, romer, cronus, Sh0dan, jo3y_, psyc, Red_Hat  
BoLoDoRio, c7g, C0VER, SaintsLD, sarkastics, B_Real and #xcorp @ BRASNet :)  
  
Julio "e2fsck" Cesar, <[email protected]>  
e2fsck @ irc.brasnet.org  
  
san dimas high school football rules`
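
The two request examples in the advisory show what an unfiltered `file` parameter permits. The sketch below is an added example, not part of the advisory or of Happymall's code, showing the checks a handler for such a parameter needs. The language (Python), `TEMPLATE_ROOT`, and both function names are assumptions made for illustration.

```python
import html
import os
from urllib.parse import unquote

# Assumption: the only directory the `file` parameter is meant to read from.
TEMPLATE_ROOT = "/var/www/shop/html"


def resolve_file_param(raw_value, root=TEMPLATE_ROOT):
    """Map a raw (still percent-encoded) `file` value to a path under root.

    Returns the absolute path, or None when the value must be rejected.
    """
    value = unquote(raw_value)      # decode %00, %2e%2e, ... before any check
    if "\x00" in value:             # a NUL byte cuts the name short at the OS layer
        return None
    if not value or os.path.isabs(value):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, value))
    # Containment is tested after normalisation, so "../" runs are already resolved.
    if candidate == root_real:
        return None
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def error_page(raw_value):
    """Reflect the parameter in an error body as text, never as markup."""
    shown = html.escape(unquote(raw_value), quote=True)
    return "<p>Cannot display: %s</p>" % shown


if __name__ == "__main__":
    # The two parameter values quoted in the advisory, plus one constructed benign value.
    for sample in ("../../../../../../etc/issue%00",
                   '<script>alert("XSS")</script>',
                   "about.html"):
        print(repr(sample), "->", resolve_file_param(sample), "|", error_page(sample))
```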
