Bugtraq
mailing list archives
Re: osCommerce File Manager Directory Traversal Vulnerability
From: Aikanáro Calaelen <aikanaro.calaelen () gmail com>
Date: Wed, 23 Mar 2005 08:48:50 +0300
Well, I can't realize about which version you're talking! Maybe you're
talking about 1.0?
On 22 Mar 2005 16:32:05 -0000, Megasky <magasky () hotmail com> wrote:
there is already a post on this that has
file_manager.php?action=download&filename=../../../../../../etc/passwd
So first admin should be password protected, so you'll never access to
those files.
Second, safe mode won't let you download any file even if you're logged in as admin.
sometimes the action=download doesn't work, so I tried action=read
/admin/file_manager.php?action=read&filename=../../../../
This will read the catalog folder, what is vulnerable?
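
The two `filename` values quoted in this thread, run through a path-confinement check. This is an added example, not part of the original post and not osCommerce code; `resolve_in_root()` and the temporary demo directory are hypothetical.

```php
<?php
// Added example, not osCommerce code. resolve_in_root() is a hypothetical helper.

/** Return the canonical path of $filename under $root, or null if it escapes $root. */
function resolve_in_root(string $root, string $filename): ?string
{
    // NUL bytes have no place in a filename parameter.
    if (strpos($filename, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks; false if the path is missing.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $filename);
    if ($candidate === false) {
        return null;
    }
    // Compare against root plus separator so "/srv/catalog-old" never passes for "/srv/catalog".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree standing in for the catalog directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'catalog_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'includes', 0700, true);
file_put_contents($root . '/includes/header.php', "<?php // demo\n");

$requests = [
    'includes/header.php',               // legitimate file under the root
    'includes/../includes/header.php',   // ".." that stays inside the root
    '../../../../../../etc/passwd',      // value quoted in the thread
    '../../../../',                      // value quoted in the thread
];
foreach ($requests as $name) {
    $path = resolve_in_root($root, $name);
    printf("%-34s => %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

// Remove the demo tree.
unlink($root . '/includes/header.php');
rmdir($root . '/includes');
rmdir($root);
```

The check runs on the resolved path, so it gives the same answer whether or not the caller is an authenticated admin and whether or not safe mode is enabled.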