One more flaw in Happymall
From: Julio Cesar (e2fsck_at_bol.com.br)
Date: 05/12/03
- Previous message: Albert Puigsech Galicia: "Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 12 May 2003 16:19:49 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Happymall E-Commerce Directory Transversal Bug and Cross-site scripting
Vendor: Happycgi.com
Product: Happymall
Versions: 4.3, 4.4 (patched version too)
'normal_html.cgi' doesn't filter user-supplied input. The well-known
directory transversal
and cross-site scripting (XSS) vulnerabilities are present in Happymall
(patched version too).
The impact is that attackers can read files on the system and use XSS
tricks to steal
cookies and other informations.
An example: /shop/normal_html.cgi?file=../../../../../../etc/issue%00
/shop/normal_html.cgi?file=<script>alert("XSS")</script>
Even happycgi.com is vulnerable to these bugs.
Solution: I have contacted CERTCC-KR.
Greetings: y0Rk, iplogd, rfds, VUGO, psaux, romer, cronus, Sh0dan, jo3y_,
psyc, Red_Hat BoLoDoRio, c7g, C0VER, SaintsLD, sarkastics, B_Real and
#xcorp @ BRASNet :)
Julio "e2fsck" Cesar, <e2fsck@bol.com.br>
e2fsck @ irc.brasnet.org
san dimas high school football rules
- Previous message: Albert Puigsech Galicia: "Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
