source: https://www.securityfocus.com/bid/2902/info
1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that is fully integrable with 1C: Enterprise, another popular Russian web-commerce utility.
One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output. There is no filtering on '..\' character sequences. As a result, remote users can specify an arbitrary file on the same drive as the webserver by 'traversing' outside of the web root directory.
This vulnerability may disclose sensitive information to attackers.
Exploit: http://host/script/tradecli.dll?template=..\..\..\..\..\path\to\file
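The root cause described above is that the `template` parameter is joined onto a filesystem path without any check for `..\` sequences. The following is an added example, not code from 1C or from the advisory, of how a server-side handler should resolve such a parameter, plus a small detector that flags traversal attempts in web-server logs. The web root, template directory and log lines are constructed for the example; `resolve_template` and `find_traversal_requests` are hypothetical names.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed values for the example; not the product's real layout.
WEB_ROOT = "/srv/www/store"
TEMPLATE_DIR = "templates"

# Matches '..' followed by a separator, in raw or percent-encoded form,
# so both '..\' and '%2e%2e%5c' style requests are caught.
TRAVERSAL_RE = re.compile(r"(\.\.|%2e%2e)(%2f|%5c|[\\/])", re.IGNORECASE)


def resolve_template(template: str, web_root: str = WEB_ROOT) -> str:
    """Map a user-supplied template name onto a file inside the template
    directory, refusing anything that would escape it.

    Raises ValueError for absolute paths, drive-letter prefixes and any
    name that normalizes to a location outside the template directory.
    """
    # Decode once (as the web server would) and treat backslashes as
    # separators so that Windows-style '..\' is not overlooked on a
    # POSIX normalizer.
    name = unquote(template).replace("\\", "/")

    # Absolute paths and 'C:' style prefixes are never valid template names.
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        raise ValueError("absolute path not allowed")

    # Collapse '.' and '..' components; a leading '..' after normalization
    # means the name climbs above the template directory.
    normalized = posixpath.normpath(name)
    if normalized == ".." or normalized.startswith("../"):
        raise ValueError("path traversal rejected")

    # Final containment check on the fully resolved path, which also covers
    # odd inputs that survive the component check.
    base = posixpath.join(web_root, TEMPLATE_DIR)
    full = posixpath.normpath(posixpath.join(base, normalized))
    if full != base and not full.startswith(base + "/"):
        raise ValueError("resolved path escapes template directory")
    return full


def find_traversal_requests(log_lines):
    """Return the log lines that request tradecli.dll with a traversal
    sequence in the query string. Input is one request per line."""
    return [
        line for line in log_lines
        if "tradecli.dll" in line.lower() and TRAVERSAL_RE.search(line)
    ]


# Constructed W3C-style log lines for demonstration only.
SAMPLE_LOG = [
    "2001-06-22 10:15:01 10.0.0.5 GET /script/tradecli.dll template=main.tpl 200",
    "2001-06-22 10:15:07 10.0.0.9 GET /script/tradecli.dll template=..\\..\\..\\..\\..\\path\\to\\file 200",
    "2001-06-22 10:15:12 10.0.0.9 GET /script/tradecli.dll template=%2e%2e%5c%2e%2e%5cpath%5cto%5cfile 200",
    "2001-06-22 10:15:20 10.0.0.5 GET /index.html - 200",
]

if __name__ == "__main__":
    print(resolve_template("main.tpl"))
    for hit in find_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

The two checks in `resolve_template` are deliberately redundant: the component check gives a clear error for the common case, while the final prefix comparison on the resolved path is the one that actually guarantees containment. A handler that only strips `..\` substrings is not equivalent, since `...\\` or encoded variants can survive a single replacement.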