[VIM] Valdersoft Shopping Cart - follow-up

security curmudgeon jericho at attrition.org
Fri Mar 2 03:08:37 EST 2007


Since the product isn't free, I was checking to see if the three different 
common.php files mentioned were all the same, or attempt to determine it 
via the demo on the vendor's web site. When loading them, one only yields 
a blank page (common_include/common.php) and the other two resulted in a 
path disclosure when calling the files directly. So as best I can tell, 
at least one of the files may be different than the rest, or may require 
some form of additional access.


More information about the VIM mailing list