|
Vulnerability Shopping cart Affected Quickstore Shopping cart 2.00, 2.09.05, 2.05.10 Description Following is based on a Cgi Security Advisory #1. This particular script has had several past security issues. In a few versions of QuikStore's Shopping Cart it is posible to read any world readable file on the server. One such example is that someone could easily get your password file if it is unshadowed. Also, it's possible, after the passwords have been cracked, to steal credit card information (Yes it does use pgp but some admins may keep the key on the same system. Yes its very likely it could happen.), or client personal information. The problem lies in QuikStore.cgi itself. The following example (found below) grabs the cgi programs actual source code. You can imagine other ways to exploit this. Author decided not to post the actual exploit so he may be able to save a few sites from a *few* script kiddies (although a 2 year old should be able to figure it out). Another potential problem is that it is posible to read configuration files, and potentially expose paths to sensitive files, or information which you probably do not want people to know about. http://somesite/cgi-bin/quikstore.cgi?page=../quikstore.cgi%00html&cart_id= (Grabs the cgi's source code) A lot of the ways attackers get into your network are through the weakest link in the chain. If a server hosts 1,000 sites, and you are able to get the password file, it is not only possible to endanger your own website, but all other websites located on the same machine as yours. BE CAREFUL WHAT YOU ALLOW FOR SCRIPTS. Solution The vendor has been contacted and will issue a fix soon. NOTE: If you believe you are running a vulnerable version please contact your system administrator or ISP or keep checking the vendor for patches and upgrades.