ProductCart File Disclosure Vulnerability

Vulnerability ID: 1107406
Vulnerability type: Design error
Published: 2003-07-05
Updated: 2006-09-25
CVE ID: CVE-2003-1304
CNNVD-ID: CNNVD-200312-340
Affected platform: ASP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/22868
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-340
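|Vulnerability details
EarlyImpact ProductCart versions 1.0 through 2.0 store database/EIPC.mdb under the web root with insufficient access control, allowing remote attackers to obtain sensitive database information via a direct request.
|Exploit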
source: http://www.securityfocus.com/bid/8112/info

A vulnerability has been reported for ProductCart that may result in an attacker obtaining the contents of the database file.

http://victimhost/productcart/database/EIPC.mdb
|References

Source: XF
Name: shopping-cart-database-access(9816)
Link: http://xforce.iss.net/xforce/xfdb/9816
Source: BID
Name: 8112
Link: http://www.securityfocus.com/bid/8112
Source: BUGTRAQ
Name: 20060622productcartsoltan_defacer
Link: http://www.securityfocus.com/archive/1/archive/1/438189/100/200/threaded
Source: www.earlyimpact.com
Link: http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf
Source: SECUNIA
Name: 9195
Link: http://secunia.com/advisories/9195
Source: FULLDISC
Name: 20030705 [Vulnerability]: ProductCart database file can be downloaded remotely
Link: http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0081.html