[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability

To: iedb.team@xxxxxxxxx
Subject: Re: OpenCart 1.5.6.4 Directory Traversal Vulnerability
From: Henri Salo <henri@xxxxxxx>
Date: Sun, 1 Jun 2014 10:40:41 +0300

On Thu, May 29, 2014 at 01:40:54PM +0000, iedb.team@xxxxxxxxx wrote:
> http://iedb.ir/up/imagef-140139785162051-jpg.html
> #  Archive Exploit = http://www.iedb.ir/exploits-1731.html

I was unable to reproduce this issue in OpenCart version 1.5.6.4. From the
picture this seems to be path disclosure issue or could you provide working
proof-of-concept to exploit directory traversal issue? Did you report this to
vendor? Does this have CVE? Did you use any plugins or themes (like Shoppica) or
did you have OpenCart as module/extension in some other software?

Sadly at the moment this looks like yet another fake/false from iedb.

---
Henri Salo

Attachment: signature.asc
Description: Digital signature

Prev by Date: [SECURITY] [DSA 2942-1] typo3-src security update
Next by Date: [slackware-security] mariadb (SSA:2014-152-01)
Previous by thread: [SECURITY] [DSA 2942-1] typo3-src security update
Next by thread: [slackware-security] mariadb (SSA:2014-152-01)
Index(es):
- Date
- Thread