Exploit Database - Logo

osCommerce 2.2 - update.php Information Disclosure

EDB-ID: 25994 Author: Andrew Hunter Published: 2005-07-18
CVE: CVE-2005-2330 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/14294/info

osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process.

Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable. 

http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd
http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess

Related Exploits

Trying to match CVEs (1): CVE-2005-2330
Trying to match OSVDBs (1): 18249
Other Possible E-DB Search Terms: osCommerce 2.2,  osCommerce
Date D V Title Author
2011-10-20Download Exploit Code Verified osCommerce - Arbitrary File Upload / File Disclosureindoushka
2011-02-04Download Exploit Code Waiting verification osCommerce - Authentication BypassNicolas Kra...
2013-02-12Download Exploit Code Verified osCommerce - Cross-Site Request ForgeryJakub Galczyk
2003-03-20Download Exploit Code Verified osCommerce 2.1/2.2 - Info_Message Cross-Site ScriptingiProyectos ...
2008-05-05Download Exploit Code Verified osCommerce 2.1/2.2 - Multiple Cross-Site Scripting VulnerabilitiesDavid Sopas...
2006-08-30Download Exploit Code Verified osCommerce 2.1/2.2 - product_info.php SQL InjectionJames Bercegay
2006-04-14Download Exploit Code Verified osCommerce 2.2 - (extras) Source Code Disclosurergod
2005-02-15Download Exploit Code Verified osCommerce 2.2 - Contact_us.php Cross-Site ScriptingJohn Cobb
2010-11-09Download Exploit Code Verified osCommerce 2.2 - Cross-Site Request Forgerydaandevelop...
2009-12-26Download Exploit Code Verified osCommerce 2.2rc2a - Bypass/Create and Download Backupindoushka
2011-05-14Download Exploit Code Waiting verification osCommerce 2.3.1 - 'banner_manager.php' Arbitrary File UploadNumber 7
2010-04-30Download Exploit Code Verified osCommerce 3.0a5 - Local File Inclusion / HTML InjectionJordi Chancel
2010-08-26Download Exploit Code Waiting verification osCommerce Online Merchant - Remote File InclusionLoSt.HaCkEr
2010-05-30Download Exploit Code Waiting verification osCommerce Online Merchant 2.2 - Arbitrary File UploadMasterGipy
2010-05-30Download Exploit Code Verified osCommerce Online Merchant 2.2 - File Disclosure / Authentication BypassFlyff666
2010-05-28Download Exploit Code Verified osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL InjectionChristopher...
2010-09-27Download Exploit Code Waiting verification Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting**RoAd_KiLl...
2002-06-16Download Exploit Code Verified osCommerce 2.1 - Remote File InclusionTim Vanderm...
2005-06-17Download Exploit Code Verified osCommerce 2.1/2.2 - Multiple HTTP Response Splitting VulnerabilitiesJames Bercegay
2006-10-04Download Exploit Code Verified osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/countries.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site ScriptingLostmon
2006-10-04Download Exploit Code Verified osCommerce 2.2 - admin/languages.php page Parameter Cross-Site ScriptingLostmon
Menu