header-logo
Suggest Exploit
vendor:
A-shop
by:
Timq
N/A
CVSS
N/A
Multiple vulnerabilities
CWE
Product Name: A-shop
Affected Version From: 0.7
Affected Version To: 0.7
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2007

A-shop <=0.70 Multiple vulnerabilities

There are multiple vulnerabilities in A-shop <=0.70. One of the vulnerabilities is a file deletion vulnerability where an attacker can delete any file on the server by exploiting the 'filebrowser.asp' script. Another vulnerability is SQL injection which can be exploited in various areas of the application.

Mitigation:

Unknown
Source

Exploit-DB raw data:

A-shop <=0.70 Multiple vulnerabilities

Found Bug: Timq
site:http://private-node.net
email:timq@hushmail.com


Vendor:http://www.rammdev.com/ashop/

PoC:
http://site.com/admin/filebrowser.asp?folder=products&delfiles=[del any file on server]

It is possible to delete not only the files in the folders listed,
but also ouside its directory.
Also possible sql injections in other areas.

# milw0rm.com [2007-07-18]

Navigation

Suggest Exploit

Services By CQR