Date: 23 Nov 2003 18:47:39 -0000
From: Mariusz Ciesla <[email protected]>
To: [email protected]Subject: [CommerceSQL] Remote File Read Vulnerability
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd)
By using prepared GET page variable it allows user to read remote files
Example:
With index.cgi?page=../../../../../../../../etc/passwd puts out your /etc/passwd on the screen of pottential attacker.
Vulnerable:
* All CommerceSQL Shopping Cart Versions
Exploits:
* Not needed
Patch:
* Not yet available
--
Mariusz "Craig" Cieśla <[email protected]>
getNet network administrator / security consultant
