source: http://www.securityfocus.com/bid/14294/info osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process. Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible. This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable. http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess
Related Exploits
Trying to match CVEs (1): CVE-2005-2330Trying to match OSVDBs (1): 18249
Other Possible E-DB Search Terms: osCommerce 2.2, osCommerce