osCommerce versions 2.x suffer from a directory traversal attack that allows for access to directories outside of the webroot.
3107c48a97297e43059422e4412939d4c8573f182c0a92a23911da5610afd136l0om - l0om[at]excluded.org - www.excluded.org
greets,
while i was "warsearching" with google i suddenly
have been on the admin interfaces of many oscommerce
sites. i made a:
allinurl:admin/file_manager.php
for nomal you can only view your oscommerce
directorys, but if you type in the following you can
view any file on the server with the webservers
permissions:
file_manager.php?action=download&filename=../../../../../../../../
etc/passwd
as you have to be logged in this isnt hot but i think
its better to know about it.
l0om
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed