
Thinking Arts Store.cgi Directory traversal vulnerability



Vulnerability

    Store.cgi

Affected

    Thinking Arts Store.cgi

Description

    The following is based on a b10z cgi advisory by slipy.  The Thinking
    Arts LTD E-Commerce package ships with a web storefront, store.cgi,
    through which customers order products on the merchant's website;
    the catalogue is backed by an SQL database.

    Inserting "/../" sequences into the StartID parameter lets a remote
    attacker read any file on the server, and list any directory, that
    the user the vulnerable httpd runs as can access.  Remote command
    execution does not appear to be possible through this directory
    traversal bug; arbitrary file reads and directory listings are.
    Note that the request must end in %00.html: the script expects the
    parameter to name an .html page, and the URL-encoded NUL byte (%00)
    terminates the filename at the C level before that suffix, so the
    check passes while the file actually opened is the one named before
    the %00.

    Examples:

        http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/hosts%00.html
        ^^ = Returns the contents of /etc/hosts.

        http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/%00.html
        ^^ = Returns a listing of the /etc/ directory.

Solution

    The vendor has been contacted but has not yet replied.  Until a fix
    is available, reject StartID values containing NUL bytes or ".."
    sequences and confine store.cgi to its own data directory.

