Dcscripts Dcshop 1.002 Beta HTTP GET Request auth_user_file.txt Password information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.03 |
A vulnerability has been found in Dcscripts Dcshop 1.002 Beta and classified as critical. This vulnerability affects an unknown code block of the file orders.txt/auth_user_file.txt of the component HTTP GET Request Handler. The manipulation with an unknown input leads to a information disclosure vulnerability (Password). The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
The weakness was published 12/06/2001 (Website). The advisory is shared for download at securityfocus.com. This vulnerability was named CVE-2001-0821. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1592.
By approaching the search of inurl:orders.txt/auth_user_file.txt it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 10718 , which helps to determine the existence of the flaw in a target environment.
Proper firewalling of is able to address this issue. Attack attempts may be identified with Snort ID 1555.
The vulnerability is also documented in the databases at X-Force (6707), Vulnerability Center (SBV-1621) and Tenable (10718).
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: PasswordClass: Information disclosure / Password
CWE: CWE-200 / CWE-284 / CWE-266
ATT&CK: T1592
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 10718
OpenVAS ID: 10718
OpenVAS Name: DCShop exposes sensitive files
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
0-Day Time: 🔍
Snort ID: 1555
Snort Message: SERVER-WEBAPP DCShop access
Snort Class: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
ISS Proventia IPS: 🔍
Timeline
06/18/2001 🔍12/06/2001 🔍
12/06/2001 🔍
12/06/2001 🔍
08/10/2003 🔍
07/10/2014 🔍
05/11/2019 🔍
Sources
Advisory: securityfocus.com [404 Not Found]Status: Not defined
Confirmation: 🔍
CVE: CVE-2001-0821 (🔍)
X-Force: 6707
Vulnerability Center: 1621 - DCShop 1.002 Default Configuration Reveals Sensitive Files and Accounts, Medium
SecurityFocus: 2889 - DCForum DCShop File Disclosure Vulnerability
Entry
Created: 07/10/2014 05:13 PMUpdated: 05/11/2019 10:07 AM
Changes: 07/10/2014 05:13 PM (70), 05/11/2019 10:07 AM (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.