
directory traversal vulnerability. The GET command allowed users to open
the order.log file (home1/boatingct/cgi-bin/Web_store/Admin_files/order.log)
and copy the file from BoatingCT.com’s machine to their own
machines. Intruders from around the world had gained unauthorized access
to BoatingCT.com’s daily order file, and to its customer order and credit
card information. BoatingCT.com was informed of its software problem by
the FBI. The company upgraded its shopping cart software to the latest
version of WebStore (version 2.0), which was immune to this vulnerability.
This patch had been available since October 2000, six months before the
company’