Exploit profitcode software payprocart 3.0 - Directory Traversal

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25338
Проверка EDB
  1. Пройдено
Автор
DIABOLIC CRAB
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2005-1005
Дата публикации
2005-04-05
Код:
source: https://www.securityfocus.com/bid/13006/info

ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks.

It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter.

Reportedly, the attacker can gain access to file owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.

PayProCart versions 3.0 is affected by this issue. Other versions may be affected as well. 

http://www.example.com/adminshop/index.php?proMod=index&amp%3bftoedit=..%2fshopincs%2fmaintopENG
 
Источник
www.exploit-db.com

Похожие темы