[] NeoSense
E X P L O I T S
title author type platform port cve id

Hassan Consulting Shopping Cart 1.18 - Directory Traversal

Author: f0bic
type: remote
platform: cgi
port: 
date_added: 2000-10-07 
date_updated: 2017-10-07 
verified: 1 
codes: CVE-2000-0921;OSVDB-1596 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/1777/info

The $page variable in Hassan Consulting Shopping Cart does not properly check for insecure relative paths such as the double dot "..". Therefore, requesting the following URL will display the specified file:

http://target/cgi-bin/shop.cgi/page=../../../path/filename.ext

Successful exploitation could lead to a remote intruder gaining read access to any known file.
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.