ashop-multi.txt

2007-07-19T00:00:00
ID PACKETSTORM:57861
Type packetstorm
Reporter Timq
Modified 2007-07-19T00:00:00

Description

                                        
                                            `A-shop <=0.70 Multiple vulnerabilities  
  
Found Bug: Timq  
site:http://private-node.net  
email:timq@hushmail.com  
  
  
Vendor:http://www.rammdev.com/ashop/  
  
PoC:  
http://site.com/admin/filebrowser.asp?folder=products&delfiles=[del any file on server]  
  
It is possible to delete not only the files in the folders listed,  
but also ouside its directory.  
Also possible sql injections in other areas.  
`