Bugtraq mailing list archives
Re: osCommerce File Manager Directory Traversal Vulnerability
From: Aikanáro Calaelen <aikanaro.calaelen () gmail com>
Date: Wed, 23 Mar 2005 08:48:50 +0300
Well, I can't realize about which version you're talking! Maybe you're talking about 1.0?

On 22 Mar 2005 16:32:05 -0000, Megasky <magasky () hotmail com> wrote:
> There is already a post on this that has file_manager.php?action=download&filename=../../../../../../etc/passwd

So first, admin should be password protected, so you'll never access those files. Second, safe mode won't let you download any file even if you're logged in as admin.

> Sometimes the action=download doesn't work, so I tried action=read
> /admin/file_manager.php?action=read&filename=../../../../

This will read the catalog folder, what is vulnerable?
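
The requests quoted in this thread pass `../` sequences in the `filename` parameter. As an added example (not part of either post and not osCommerce's code), here is a PHP containment check that canonicalizes the requested name and rejects anything that resolves outside a configured root; `resolve_in_root()` and the sample directory tree are hypothetical.

```php
<?php
// Added example: not osCommerce code. resolve_in_root() and the sample
// directory layout below are hypothetical.

/**
 * Resolve a user-supplied relative name against $root and return the
 * canonical path, or null if it would land outside $root.
 */
function resolve_in_root(string $root, string $filename): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;                       // misconfigured root: fail closed
    }
    // Reject NUL bytes before touching the filesystem.
    if (strpos($filename, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if nonexistent.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $filename);
    if ($target === false) {
        return null;
    }
    // Compare with a trailing separator so /srv/catalog_old does not
    // pass as being inside /srv/catalog.
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample tree under the system temp directory.
$root = sys_get_temp_dir() . '/fm_demo_' . getmypid() . '/catalog';
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/logo.txt', 'logo');
file_put_contents(dirname($root) . '/secret.txt', 'outside the root');

$requests = [
    'images/logo.txt',                 // inside the root: allowed
    'images/../images/logo.txt',       // ".." that stays inside: allowed
    '../secret.txt',                   // escapes the root: rejected
    '../../../../../../etc/passwd',    // the request form quoted in the thread
];
foreach ($requests as $name) {
    $resolved = resolve_in_root($root, $name);
    printf("%-34s => %s\n", $name, $resolved === null ? 'REJECTED' : $resolved);
}
```

The check is applied to the canonical path rather than to the raw string, so it does not depend on filtering particular `../` spellings, and it holds independently of admin authentication or PHP safe mode.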