
oscommerce 2.2 file_manager.php file browsing



l0om - l0om[at]excluded.org - www.excluded.org 

 

greets, 

while i was "warsearching" with google i suddenly found myself on the admin interfaces of many oscommerce sites. i searched for:

allinurl:admin/file_manager.php 

 

normally you can only view your oscommerce directories, but if you type in the following you can view any file on the server with the webserver's permissions:

file_manager.php?action=download&filename=../../../../../../../../etc/passwd

 

as you have to be logged in this isn't hot, but i think it's better to know about it.

 

 

l0om 
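
One way to close this kind of `filename` traversal is to canonicalise the requested path and require that it stays under the shop directory before any file is sent. The code below is an added example, not osCommerce's code or its actual fix; `resolve_download()` and the temporary demo directory are hypothetical names constructed for illustration.

```php
<?php
// Added example, not osCommerce code. resolve_download() is a hypothetical
// helper; the directory tree below is constructed so the script runs offline.

/**
 * Resolve a user-supplied filename against a base directory.
 * Returns the canonical path only if it is a regular file inside $baseDir,
 * otherwise null.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Empty names and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" sequences and resolves symlinks;
    // it returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so that a sibling
    // such as ".../catalog_backup" does not pass as ".../catalog".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree: one file inside the shop root, one outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'shop_demo_' . getmypid();
mkdir($root . '/catalog', 0700, true);
file_put_contents($root . '/catalog/index.php', "<?php // demo\n");
file_put_contents($root . '/outside.txt', "not part of the shop\n");

$samples = [
    'index.php',                                  // inside the base directory
    '../outside.txt',                             // one level up
    '../../../../../../../../etc/passwd',         // the pattern from the post
];
foreach ($samples as $name) {
    $resolved = resolve_download($root . '/catalog', $name);
    printf("%-40s %s\n", $name, $resolved === null ? 'rejected' : 'allowed');
}
```

The check runs on the canonical path rather than on the raw string, so stripping or searching for `../` in the parameter is not needed and encoded or nested variants are handled by the same comparison.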
