11 lines
No EOL
616 B
Text
11 lines
No EOL
616 B
Text
source: http://www.securityfocus.com/bid/2904/info
|
|
|
|
1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility.
|
|
|
|
One of the components of this package, 'tradecli.dll', allows users to specify a template file, the contents of which will be output.
|
|
|
|
If the requested file does not exist, the error message will contain the absolute path of the application on the webserver.
|
|
|
|
This information may assist in further attacks.
|
|
|
|
Exploit: http://host/scripts/tradecli.dll?template=nonexistfile |