ID PACKETSTORM:39069
Type packetstorm
Reporter Packet Storm
Modified 2005-08-06T00:00:00
Description
`Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0
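The wce.download.php script (present in two locations) accepts a "download" HTTP request parameter and will return an arbitrary file from the vulnerable server. As the example below shows, "../" sequences in the parameter value are honoured, so the requested path is evidently not confined to the intended download directory (a directory traversal), and files such as the application's config.php become readable. The script should resolve the requested name to a canonical path and refuse anything that falls outside that directory.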
Example:
http://www.vulnerable.com/oneadmin/faqsupport/wce.download.php?download=../../config.php
`
{"sourceHref": "https://packetstormsecurity.com/files/download/39069/comdevTraversal.txt", "sourceData": "`Class: Input Validation Error \nVulnerable: Comdev Comdev eCommerce 3.0 \n \nThe wce.download.php script (present in two locations) can be passed a \"download\" http request parameter to download an arbitrary file on the vulnerable server. \n \nExample: \n \nhttp://www.vulnerable.com/oneadmin/faqsupport/wce.download.php?download=../../config.php \n`\n", "edition": 1, "references": [], "modified": "2005-08-06T00:00:00", "hash": "f1cb87858013b7ce9980c6e2148838ee88a7d5fe49691e64c29b639b86b6c888", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/39069/comdevTraversal.txt.html", "description": "", "id": "PACKETSTORM:39069", "reporter": "Packet Storm", "lastseen": "2016-11-03T10:20:44", "published": "2005-08-06T00:00:00", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2016-11-03T10:20:44"}, "dependencies": {"references": [], "modified": "2016-11-03T10:20:44"}, "vulnersScore": -0.3}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "comdevTraversal.txt", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "12946135c29d1057dbd7a11b12e8e95d", "key": "href"}, {"hash": "b2870dc8ebaea67fb23a847fbd1cbb76", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b2870dc8ebaea67fb23a847fbd1cbb76", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7e63640ffbb0546f3e2929f550c8818d", "key": "reporter"}, {"hash": "e76c0fb016e6cf4ba223846ef0706064", "key": "sourceData"}, {"hash": "6fe83ccb2b6d7673cf4334b2621e6f79", 
"key": "sourceHref"}, {"hash": "9921022f47b1ed742cc5667f500d2c88", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{}