[UNIX] ShopPlus Arbitrary Command Execution Vulnerability
From: support@securiteam.comDate: 09/06/01
- Previous message: support@securiteam.com: "[NEWS] %u Encoding IDS Bypass Vulnerability (UTF)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] ShopPlus Arbitrary Command Execution Vulnerability Message-Id: <20010906050923.5B6B3138C0@mail.der-keiler.de> Date: Thu, 6 Sep 2001 07:09:23 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
ShopPlus Arbitrary Command Execution Vulnerability
------------------------------------------------------------------------
SUMMARY
The ShopPlus shopping cart system allows you to build a store or a mall on
the Internet. Because of its flexibility, it allows you to sell virtually
any product or services and fully customize the shopping experience of
your web site. A security vulnerability in the product allows attackers to
execute arbitrary commands on the remote server with the security
privileges of the web server (usually 'nobody').
DETAILS
A security vulnerability in the way ShopPlus opens files allows attackers
to cause the program to execute arbitrary commands and to return the
content of that command back to the attacking user.
Example:
Accessing the below URL will allow an attacker to view the content of the
/etc/passwd file.
http://host/scripts/shopplus.cgi?dn=host&cartid=%CARTID%&file=;cat%20/etc/passwd|
ADDITIONAL INFORMATION
The information has been provided by <mailto:secure@punkass.com>
Kernel|X|.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NEWS] %u Encoding IDS Bypass Vulnerability (UTF)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
