3 matches found
Cosmoshop - XSS on Admin-Login Mask
author: l0om page: l0om.org date: 14.02.2015 Cosmoshop is a simple webshop designed for the german market. There is a simple XSS flaw at the admin-login panel in probably all cosmoshop versions. The admin login can be found at http://www.shop-site.de/cgi-bin/cosmoshop/admin/index.cgi This page wi...
Authentication-Bypass in CosmoShop ePRO V10.17.00 (and lower, maybe higher)
Issue: Authentication-Bypass in CosmoShop ePRO V10.17.00 and lower, maybe higher Author: l0om http://l0om.org Date: 26.02.2013 Overview: Cosmoshop provides an admin backup-function which saves .htaccess protected MySQL dump files in a backup directory. This directory does only prevent HTTP...
Cosmoshop pwd.cgi htaccess Creation
Author: l0om http://l0om.org Date: 10.03.2014 Overview: Cosmoshop is installed with a lot of admin scripts which should be only accessible as the logged-in admin. The script "pwd.cgi" is not protected and will create a .htaccess file for the admin-directory with any content. This may lead to...