Cosmoshop 'pwd.cgi'任意文件创建漏洞

Bugtraq ID:66323 CosmoShop是基于Magento的云电商系统。 攻击者可通过使用特制的请求利用该漏洞在服务器上创建任意文件。 0 Cosmoshop 目前没有详细解决方案： http://www.cosmoshop.de/...

Cosmoshop pwd.cgi htaccess Creation

Author: l0om http://l0om.org Date: 10.03.2014 Overview: Cosmoshop is installed with a lot of admin scripts which should be only accessible as the logged-in admin. The script "pwd.cgi" is not protected and will create a .htaccess file for the admin-directory with any content. This may lead to...