Bugtraq mailing list archives

RE: osCommerce "extras/" information/source code disclosure
From: "Michael Scheidell" <scheidell () secnap net>
Date: Sat, 15 Apr 2006 08:39:14 -0400

-----Original Message-----
From: rgod () autistici org [mailto:rgod () autistici org] 
Sent: Friday, April 14, 2006 7:20 AM
To: bugtraq () securityfocus com
Subject: osCommerce "extras/" information/source code disclosure

---- osCommerce <= 2.2 "extras/" information/source code 
disclosure ------------

software site: http://www.oscommerce.com/

if extras/ folder is placed inside the www path, you can see 
all files on target system, including php source code with 
database details, poc:


Amazing:  this was reported to oscommerce almost a year ago by andiroo
blat gmail, and they didn't do anything about it?



For you snorters, rules have been posted to snort-sigs and bleeding
mailing list.
