[VIM] Valdersoft Shopping Cart - follow-up
security curmudgeon
jericho at attrition.org
Fri Mar 2 03:08:37 EST 2007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-6691
Since the product isn't free, I was checking to see if the three different
common.php files mentioned were all the same, or attempting to determine it
via the demo on the vendor's web site. When loading them, one only yields
a blank page (common_include/common.php) and the other two resulted in a
path disclosure when calling the files directly. So as best I can tell,
at least one of the files may be different than the rest, or may require
some form of additional access.
http://www.valdersoft.com/store/include/common.php
http://www.valdersoft.com/store/admin/include/common.php