Full Disclosure mailing list archives
bug in oscomerce
From: zeus olimpusklan <zeus.olimpusklan () gmail com>
Date: Tue, 27 Dec 2005 14:37:51 -0600
###########################################################################
#Advisory #2 Title: file Modification in osCommerce
#
#
# Author: 0o_zeus_o0
# Contact: zeus () diosdelared com
# Website: olimpusklan.org
# Date: 27/12/2005
# Risk: High
# Vendor Url: http://www.oscommerce.com/
# Affected Software: osCommerce
# Non Affected:
#
# We Are: Olimpus KlaN
#
#TECHNICAL INFO
#================================================================
#
#it is simple to operate bug as long as the file file_manager.php
#exists in the administration panel.
#
#thanks to this file we can visualize archives such as configure.php
#bug is serious since if the file has permissions of writing can modify
#the site or to accede to the FTP of the same one
#
#BUG
#================================================================
#http://www.site.org/admin/file_manager.php
#http://www.site.org/admin/file_manager.php?info=archive.php&action=edit
#http://www.site.org/admin/file_manager.php?info=archive.php&action=edit
#
#VULNERABLE VERSIONS
#================================================================
# All
#
#
#================================================================
Contact information
#0o_zeus_o0
#zeus () diosdelared com
#www.olimpusklan.org
#================================================================
#greetz: lady fire, fraude, adi, xoxo , pandora, mbyte ,S.s.m.
##############################################################################
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
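An added example, not part of the original advisory or of osCommerce: a shell audit a site owner can run over a web root to check the two conditions the advisory names, the presence of file_manager.php and a configure.php that carries write permission. The function name audit_oscommerce, the finding labels, and the policy that configure.php should have no write bit at all are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a web root for the two
# conditions the advisory describes.
#   FILE_MANAGER_PRESENT  a file_manager.php exists under the root
#   CONFIG_WRITABLE       a configure.php has a write bit set for
#                         owner, group or other (assumed policy: none)
# Files are matched by name, so a renamed admin directory is still covered.
# Return codes: 0 = no findings, 1 = findings printed, 2 = bad argument.
audit_oscommerce() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "error: not a directory: $root" >&2
        return 2
    fi

    findings=$(
        # Condition 1: the file manager script is deployed.
        find "$root" -type f -name file_manager.php -print |
            sed 's/^/FILE_MANAGER_PRESENT /'

        # Condition 2: configure.php can be modified. This tests mode
        # bits only; which account owns the file is not evaluated here.
        find "$root" -type f -name configure.php \
            \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
            sed 's/^/CONFIG_WRITABLE /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run the audit when a web root is given on the command line,
# e.g.  sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    audit_oscommerce "$1"
fi
```

A non-zero exit status makes the script usable from cron or a deployment check; each finding line carries the path to remove or to re-permission.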