I write about a vulnerability in /cgi-bin/Store/store.cgi <-- This is
part of a software that Key to the web (http://www.keyweb.com) use for
her "e-comerce solutions". In her page you can find a list of posible
webs with this vulnerability (but you must be faster becouse can be
early patched :). The description about this vulnerability is the next:
Name: Key to the web cgi-bin/Store/store.cgi "Show files" vulnerability.
Problem: Adding the string "/../%00" will allow an remote attacker to
be able to view any files on the server.
by: _TacK_ (TacK@ole.com)
Un saludo para la peña del irc-hispano !!!!!!!
Salud y (A)!!!!!!!!