source: http://www.securityfocus.com/bid/9282/info
It has been reported that QuikStore Shopping Cart may be prone to an information disclosure vulnerability due to insufficient sanitization of user-supplied data passed through the 'store' parameter of the 'quikstore.cgi' script. An attacker may disclose the installation path of a file by making a malformed request that passes a single quote "'" character to generate an error message. The error message is reported to contain sensitive information such as the installation path.
Specific vulnerable versions of the software were not identified in the report; therefore, it is assumed that the current version, QuikStore Shopping Cart v2.12, is vulnerable to this issue.
http://[target]/cgi-bin/quikstore.cgi?store='
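For defenders, the request shape above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of QuikStore: it assumes Apache combined log format, and the sample log lines, function names and the three-round decoding limit are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /cgi-bin/quikstore.cgi?store=main HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [01/Jan/2004:10:00:05 +0000] "GET /cgi-bin/quikstore.cgi?store=' HTTP/1.0" 200 312 "-" "Mozilla/4.0"
192.0.2.44 - - [01/Jan/2004:10:00:09 +0000] "GET /cgi-bin/quikstore.cgi?store=%27 HTTP/1.0" 200 312 "-" "Mozilla/4.0"
192.0.2.51 - - [01/Jan/2004:10:01:00 +0000] "GET /cgi-bin/quikstore.cgi?page=x&store=%2527 HTTP/1.0" 200 312 "-" "Mozilla/4.0"
192.0.2.77 - - [01/Jan/2004:10:02:00 +0000] "GET /index.html?store=' HTTP/1.0" 200 900 "-" "Mozilla/4.0"
"""

# client, timestamp, method, request target, protocol, status, size
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (HTTP/[\d.]+)" (\d{3}) (\S+)'
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded quotes (%2527) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_probes(log_text):
    """Return requests to quikstore.cgi whose 'store' value contains a single quote."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, when, _method, target, _proto, status, _size = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/quikstore.cgi"):
            continue
        # parse_qsl already decodes once; fully_decode handles further layers.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == "store" and "'" in fully_decode(value):
                hits.append({"client": client, "time": when,
                             "status": int(status), "target": target})
                break
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["status"], hit["target"])
```

A hit only shows that the malformed request was made; whether a path was actually disclosed depends on what the script returned in the response body, which access logs do not record.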