[32534] in bugtraq


[CommerceSQL] Remote File Read Vulnerability

daemon@ATHENA.MIT.EDU (Mariusz Ciesla)
Mon Nov 24 11:42:22 2003

Date: 23 Nov 2003 18:47:39 -0000
Message-ID: <20031123184739.27406.qmail@sf-www1-symnsj.securityfocus.com>
From: Mariusz Ciesla <craig@tenbit.pl>
To: bugtraq@securityfocus.com



CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd).

By using a prepared GET page variable, it allows a user to read remote files.

Example:
index.cgi?page=../../../../../../../../etc/passwd puts out your /etc/passwd on the screen of a potential attacker.

Vulnerable:
* All CommerceSQL Shopping Cart Versions

Exploits:
* Not needed

Patch:
* Not yet available

-- 
Mariusz "Craig" Cieśla <craig@tenbit.pl>
getNet network administrator / security consultant
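
Added example, not part of the original post and not CommerceSQL code: a Python sketch of the containment check that stops the page value shown above from leaving the directory that holds the page files. The advisory does not say how index.cgi opens the file, so resolve_page, PageRejected and the page root directory are assumptions made for illustration; the sample requests are constructed, apart from the one quoted from the advisory.

```python
import os
import tempfile
from urllib.parse import parse_qs

class PageRejected(Exception):
    """Raised when the page value must not be served (hypothetical name)."""

def resolve_page(query_string, page_root):
    """Map the `page` query variable to a file strictly inside page_root."""
    values = parse_qs(query_string).get("page", [])  # percent-decodes once
    if len(values) != 1:
        raise PageRejected("exactly one page value required")
    name = values[0]
    if "\x00" in name or os.path.isabs(name):
        raise PageRejected("absolute path or NUL byte")
    # Resolve "..", "." and symlinks first, then compare path components.
    root = os.path.realpath(page_root)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise PageRejected("path escapes page root")
    if not os.path.isfile(candidate):
        raise PageRejected("no such page")
    return candidate

def demo():
    """Run constructed requests against a temporary page tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "pages")
        os.mkdir(root)
        with open(os.path.join(root, "home.html"), "w") as fh:
            fh.write("<h1>home</h1>")
        with open(os.path.join(tmp, "secret.txt"), "w") as fh:
            fh.write("outside the page root")
        requests = [
            "page=home.html",
            "page=../../../../../../../../etc/passwd",  # from the advisory
            "page=%2e%2e%2fsecret.txt",                 # same idea, encoded
            "page=/etc/passwd",
        ]
        results = {}
        for qs in requests:
            try:
                resolve_page(qs, root)
                results[qs] = "served"
            except PageRejected as exc:
                results[qs] = "rejected: " + str(exc)
        return results

if __name__ == "__main__":
    for request, outcome in demo().items():
        print(request, "->", outcome)
```

The comparison is done on the resolved path rather than by searching the raw string for "../", so encoded forms and symlinks inside the page root are covered by the same check.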
