Bugtraq mailing list archives

Re: osCommerce File Manager Directory Traversal Vulnerability


From: Aikanáro Calaelen <aikanaro.calaelen () gmail com>
Date: Wed, 23 Mar 2005 08:48:50 +0300

Well, I can't tell which version you're talking about! Maybe you're
talking about 1.0?

On 22 Mar 2005 16:32:05 -0000, Megasky <magasky () hotmail com> wrote:

There is already a post on this that has
file_manager.php?action=download&filename=../../../../../../etc/passwd

So first, admin should be password protected, so you'll never get access to
those files.
Second, safe mode won't let you download any file even if you're logged in as admin.

Sometimes action=download doesn't work, so I tried action=read
/admin/file_manager.php?action=read&filename=../../../../

This will read the catalog folder; what is vulnerable?
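Added example, not from this thread or from osCommerce itself: a defender-side log check that flags file_manager.php requests whose filename parameter, once decoded and normalized, resolves outside the catalog directory. The catalog root /var/www/catalog and the access-log lines are assumed and constructed for the example (osCommerce takes the real root from its DIR_FS_CATALOG setting).

```python
"""Flag admin/file_manager.php requests whose filename escapes the catalog root."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed catalog root for this example; osCommerce reads it from DIR_FS_CATALOG.
CATALOG_ROOT = "/var/www/catalog"

# Constructed sample access-log lines (not taken from the original post).
SAMPLE_LOG = """\
10.0.0.5 - - [23/Mar/2005:08:48:50 +0300] "GET /admin/file_manager.php?action=read&filename=includes/configure.php HTTP/1.1" 200 1532
10.0.0.5 - - [23/Mar/2005:08:49:02 +0300] "GET /admin/file_manager.php?action=download&filename=../../../../../../etc/passwd HTTP/1.1" 200 2107
10.0.0.5 - - [23/Mar/2005:08:49:10 +0300] "GET /admin/file_manager.php?action=read&filename=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2107
10.0.0.5 - - [23/Mar/2005:08:49:15 +0300] "GET /admin/file_manager.php?action=read&filename=../../../../ HTTP/1.1" 200 840
10.0.0.5 - - [23/Mar/2005:08:50:00 +0300] "GET /admin/categories.php HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def resolves_inside(base: str, requested: str) -> bool:
    """True only if base joined with requested normalizes to a path under base.

    Percent-decoding here catches values that arrive still encoded (parse_qs
    already decoded once, so a double-encoded %252F is handled as well).
    An absolute filename replaces base in posixpath.join and is flagged too.
    """
    joined = posixpath.normpath(posixpath.join(base, unquote(requested)))
    return joined == base or joined.startswith(base + "/")


def traversal_requests(log_text: str, base: str = CATALOG_ROOT) -> list:
    """Return (action, filename) pairs for file_manager.php requests escaping base."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/file_manager.php"):
            continue
        params = parse_qs(url.query)
        filename = params.get("filename", [""])[0]
        action = params.get("action", [""])[0]
        if not resolves_inside(base, filename):
            hits.append((action, filename))
    return hits


if __name__ == "__main__":
    for action, filename in traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt: action={action} filename={filename}")
```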
