Dansie Shopping Cart - Server Error Message Installation Full Path Disclosure

EDB-ID:

23266


Platform:

CGI

Published:

2003-10-20

source: https://www.securityfocus.com/bid/8860/info

Dansie Shopping Cart is reported to be prone to path disclosre issue in the 'db' parameter of 'cart.pl' that may lead to an attacker gaining sensitive information about the installation path of the system.

Information gained by exploiting this attack may aid an attacker in launching further attacks against a vulnerable system.

http://www.example.com/cgi-bin/cart.pl?db='