[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[CommerceSQL] Remote File Read Vulnerability
- To: bugtraq@securityfocus.com
- Subject: [CommerceSQL] Remote File Read Vulnerability
- From: Mariusz Ciesla <craig@tenbit.pl>
- Date: 23 Nov 2003 18:47:39 -0000
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading.
It only needs to specially prepared page variable in index.cgi to allow reading
remote files (like /etc/passwd)
By using prepared GET page variable it allows user to read remote files
Example:
With index.cgi?page=../../../../../../../../etc/passwd puts out your
/etc/passwd on the screen of pottential attacker.
Vulnerable:
* All CommerceSQL Shopping Cart Versions
Exploits:
* Not needed
Patch:
* Not yet available
--
Mariusz "Craig" Cieśla <craig@tenbit.pl>
getNet network administrator / security consultant