[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[CommerceSQL] Remote File Read Vulnerability

To: bugtraq@securityfocus.com
Subject: [CommerceSQL] Remote File Read Vulnerability
From: Mariusz Ciesla <craig@tenbit.pl>
Date: 23 Nov 2003 18:47:39 -0000


CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. 
It only needs to specially prepared page variable in index.cgi to allow reading 
remote files (like /etc/passwd)

By using prepared GET page variable it allows user to read remote files

Example:
With index.cgi?page=../../../../../../../../etc/passwd puts out your 
/etc/passwd on the screen of pottential attacker.

Vulnerable:
* All CommerceSQL Shopping Cart Versions

Exploits:
* Not needed

Patch:
* Not yet available

-- 
Mariusz "Craig" Cie&#347;la <craig@tenbit.pl>
getNet network administrator / security consultant

Prev by Date: Re: yet another panic() in OpenBSD
Next by Date: simple buffer overflow in gedit
Previous by thread: [Opera 7] Arbitrary File Auto-Saved Vulnerability.
Next by thread: simple buffer overflow in gedit
Index(es):
- Date
- Thread