Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> Remote file access >> eXtropia Web Store remote file retrieval


Vulnerability Assessment Details

eXtropia Web Store remote file retrieval

Vulnerability Assessment Summary
eXtropia Web Store remote file retrieval

Detailed Explanation for this Vulnerability Assessment
eXtropia's Web Store shopping cart
program permits the remote file retrieval of any file
that ends in a .html extension. Further, by supplying
a URL with an imbedded null byte, the script can be made
to retrieve any file at all.

Example:
GET /cgi-bin/Web_Store/web_store.cgi?page=../../../../etc/passwd%00.html

will return /etc/passwd.

Solution: None available at this time

Network Security Threat Level: High

Networks Security ID: 1774

Vulnerability Assessment Copyright: This script is Copyright (C) 2000 Thomas Reinke

Cables, Connectors


Original Intel Xeon E5-2470 V2 2.4 GHz Ten-Cores SR19S LGA 1356 Processor CPU picture

Original Intel Xeon E5-2470 V2 2.4 GHz Ten-Cores SR19S LGA 1356 Processor CPU

$29.58



Dell Gaming PC Computer Xeon 32GB RAM 2TB HDD 24

Dell Gaming PC Computer Xeon 32GB RAM 2TB HDD 24" LCD Windows 10 NVIDIA Graphics

$359.95



Dell Precision Tower 3620 MT Xeon E3-1245 V5 16GB RAM 128GB M.2 1TB HDD Win10Pro picture

Dell Precision Tower 3620 MT Xeon E3-1245 V5 16GB RAM 128GB M.2 1TB HDD Win10Pro

$229.99



HP Z420 Xeon E5-1620 (3.60 GHz, 8GB Ram, No HDD) Tower Workstation Computer picture

HP Z420 Xeon E5-1620 (3.60 GHz, 8GB Ram, No HDD) Tower Workstation Computer

$80.99



CM8066002031501 INTEL XEON E5-2680V4 2.40GHZ 35MB 14-CORE 120W PROCESSOR picture

CM8066002031501 INTEL XEON E5-2680V4 2.40GHZ 35MB 14-CORE 120W PROCESSOR

$62.95



Intel Xeon E5-2690 V2 SR1A5 3.00GHz 25M 10-Core LGA 2011 Server Processor 130W picture

Intel Xeon E5-2690 V2 SR1A5 3.00GHz 25M 10-Core LGA 2011 Server Processor 130W

$25.00



Intel Xeon E5-2696 V4 SR2J0 2.20GHz 22-Core 44-Thread LGA2011-3 Processor CPU picture

Intel Xeon E5-2696 V4 SR2J0 2.20GHz 22-Core 44-Thread LGA2011-3 Processor CPU

$173.99



Intel Xeon E5-2697 v2 12 Core 2.7GHz 30M 8GT/s SR19H Clean Pull CPU Processor picture

Intel Xeon E5-2697 v2 12 Core 2.7GHz 30M 8GT/s SR19H Clean Pull CPU Processor

$50.95



Intel Xeon E5-2667 V2 SR19W 3.30GHz 8Cores 130W IvyBridge EP  25MB 130W LGA2011  picture

Intel Xeon E5-2667 V2 SR19W 3.30GHz 8Cores 130W IvyBridge EP 25MB 130W LGA2011

$25.00



Intel® Xeon® Processor E3-1245 v3 8M Cache, 3.40 GHz Processor SR14T picture

Intel® Xeon® Processor E3-1245 v3 8M Cache, 3.40 GHz Processor SR14T

$29.00



Discussions

No Discussions have been posted on this vulnerability.