[VIM] apt-webshop-system issue
Steven M. Christey
coley at mitre.org
Mon Apr 10 18:27:29 EDT 2006
FYI, some vuln DBs are skipping this item from r0t's advisory:
http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html
Bonnus:
/modules.php?warp=File
This smells like directory traversal or some related issue. I did not
investigate extensively since the vendor site is in German and the
source does not appear to be available; however, a simple modification
of the warp value in one of the "demo-shops" generated a verbose error
message that suggested a problem in pathname construction.
- Steve
More information about the VIM
mailing list