minivend - shopping application (up to version 4.*)
download from: www.minivend.com (akopia-now)
problem description:
vulnerability was found during the 2nd openhack-contest (thanks for the money eweek :-)
due to missing input validation and "bad" perl open-commands it
is possible to issue any operating-system commands with the webserver's
permissions
example:
http://www.cheapshop.com/cgi-bin/simple/view_page.html?mv_arg=|/bin/ls|
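the "bad" open pattern next to a hardened form, as an added illustration. this is not minivend source code; the sub names, the page directory and the allow-list pattern are hypothetical, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added illustration, not MiniVend source. All names here are hypothetical.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Vulnerable pattern (defined for comparison, never called below):
# two-argument open() takes the mode from the string itself, so a value
# that begins or ends with "|" is handed to the shell as a command.
sub unsafe_open_page {
    my ($name) = @_;
    open(my $fh, $name) or return;    # mode is chosen by request data
    return $fh;
}

# Hardened pattern: allow-list the page name, then use three-argument
# open() so the mode is fixed to read ("<") and the value can only ever
# be treated as a file name inside the page directory.
sub safe_open_page {
    my ($page_dir, $name) = @_;
    return unless defined $name
        && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return if $name =~ /\.\./;        # no parent-directory components
    my $path = File::Spec->catfile($page_dir, $name);
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample data: one real page, plus request values including
# the pipe-wrapped form from the advisory's example URL.
my $page_dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($page_dir, 'index.html')) or die $!;
print {$out} "<html>ok</html>\n";
close $out;

for my $arg ('index.html', '|/bin/ls|', '../etc/passwd', 'missing.html') {
    my $fh = safe_open_page($page_dir, $arg);
    printf "%-16s => %s\n", $arg, $fh ? 'opened as file' : 'rejected';
    close $fh if $fh;
}
```

only index.html is opened; the pipe-wrapped value, the traversal attempt and the missing page are all rejected without anything being executed.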
RC-EOF