[VIM] apt-webshop-system issue

Steven M. Christey coley at mitre.org
Mon Apr 10 18:27:29 EDT 2006


FYI, some vuln DBs are skipping this item from r0t's advisory:

  http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html

  Bonnus:

  /modules.php?warp=File


This smells like directory traversal or some related issue.  I did not
investigate extensively since the vendor site is in German and the
source does not appear to be available; however, a simple modification
of the warp value in one of the "demo-shops" generated a verbose error
message that suggested a problem in pathname construction.

- Steve

