SeaGlass Technologies sglMerchant Directory Traversal Vulnerability

sglMerchant is a web-commerce application.

sglMerchant does not adequately filter '../' sequences in user-supplied input. A remote attacker can construct a web request that breaks out of wwwroot and browses the filesystem of the host. The attacker may exploit this issue to display arbitrary web-readable files.

The sensitive information contained in disclosed files may aid the attacker in making further, more educated attempts at fully compromising the host.
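The mitigation for this class of issue is to canonicalize the requested path and confirm it still lies under wwwroot before opening it, rather than filtering '../' strings. The following is an added example, not code from sglMerchant or from this advisory; the function names, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile
from typing import Optional


def resolve_under_root(wwwroot: str, requested: str) -> Optional[str]:
    """Return the canonical path for `requested` if it stays inside
    `wwwroot`, otherwise None. (Hypothetical helper, not sglMerchant code.)"""
    if "\x00" in requested:
        return None
    root = os.path.realpath(wwwroot)
    # Treat the request as relative to the root, even with a leading slash,
    # then collapse '../' segments and symlinks into one canonical path.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    # Compare whole path components; a plain string-prefix test would
    # wrongly accept a sibling directory such as "wwwroot-backup".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Run the check over constructed requests in a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as base:
        wwwroot = os.path.join(base, "wwwroot")
        os.makedirs(os.path.join(wwwroot, "templates"))
        # Constructed file outside the web root, standing in for host data.
        with open(os.path.join(base, "outside.txt"), "w") as fh:
            fh.write("not for web clients\n")
        requests = [
            "templates/index.html",               # stays inside wwwroot
            "../outside.txt",                     # leaves wwwroot
            "templates/../../outside.txt",        # leaves wwwroot via a subdir
            "templates/../templates/index.html",  # '../' present, still inside
        ]
        return {r: resolve_under_root(wwwroot, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{'allow' if allowed else 'deny '}  {request!r}")
```

The last sample request shows why the decision is made on the resolved path: it contains '../' but never leaves wwwroot, so a containment check allows it while still denying the two requests that escape.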


Copyright 2010, SecurityFocus