|
l0om - l0om[at]excluded.org - www.excluded.org greets, while i was "warsearching" with google i suddenly have been on the admin interfaces of many oscommerce sites. i made a: allinurl:admin/file_manager.php for nomal you can only view your oscommerce directorys, but if you type in the following you can view any file on the server with the webservers permissions: file_manager.php?action=download&filename=../../../../../../../../ etc/passwd as you have to be logged in this isnt hot but i think its better to know about it. l0om