Subject: Cgisecurity Quickstore Shopping cart
Date: Mon Nov 20 2000 - 18:03:14 CST
Now, I already released this on my site, but somehow I forgot to post it to Bugtraq.
The vendor was contacted and I waited a while for a response, and got none back.
Upgrade to the newest version for a fix.
(PS: check Bugtraq for older holes in the same product.)
[Cgi Security Advisory #1]
Quikstore Shopping Cart
Problem first discovered
Script affected: QuikStore Shopping Cart
Known versions affected:
Other versions may also be affected; those listed above are confirmed.
1. Past problems
This particular script has had several past security issues.
Check bugtraq or www.securityfocus.com for further details.
In a few versions of QuikStore's Shopping Cart it is possible to
read any world-readable file on the server. For example, an attacker could
easily retrieve your password file if it is unshadowed. Once those passwords
have been cracked, it is also possible to steal credit card information (yes,
the cart does use PGP, but some admins keep the key on the same system, and
yes, it is very likely this could happen), or client personal
The problem lies in QuikStore.cgi itself. The following example (found
below) grabs the CGI program's actual source code. You can imagine other
ways to exploit this. I decided not to post the actual exploit so I may be
able to save a few sites from a *few* script kiddies (although a 2-year-old
should be able to figure it out). Another potential problem is that it is
possible to read configuration files, which may expose paths to sensitive
files, or information which you probably do not want people to
(Grabs the cgi's source code)
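The advisory withholds the exploit and does not name the parameter involved, so the following is an added illustration of the bug class it describes (a CGI that opens a caller-supplied filename and so can read any world-readable file, including its own source and its configuration files), written for this page rather than taken from QuikStore or the advisory. The parameter name `page`, the template-directory layout, the file contents and the "config file" are all assumptions constructed for the demonstration; the hardened handler shows the check a practitioner would want: canonicalise the path and require it to stay inside the intended directory.

```python
"""Arbitrary file read through an unvalidated filename parameter in a CGI,
shown as a vulnerable handler beside a hardened one.  Added example; not
QuikStore's code.  Parameter name, directory layout and file contents are
assumptions made for this illustration."""
import os
import shutil
import tempfile


def vulnerable_read(base_dir, page):
    """Vulnerable pattern (hypothetical): the caller-controlled value is joined
    onto a base directory and opened as-is.  '../' segments walk out of
    base_dir, and os.path.join discards base_dir entirely when the value is an
    absolute path, so any world-readable file can be read."""
    path = os.path.join(base_dir, page)
    with open(path, "rb") as fh:
        return fh.read()


def hardened_read(base_dir, page):
    """Hardened form: resolve '..' and symlinks with realpath, then require the
    result to remain inside base_dir, and additionally allow only template
    files so the script cannot be made to serve its own source or config."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError("path escapes the template directory")
    if not candidate.endswith(".html"):
        raise PermissionError("not a template file")
    with open(candidate, "rb") as fh:
        return fh.read()


def demo():
    """Build a constructed mini site tree in a temporary directory and run the
    traversal against both handlers.  Returns a dict of the outcomes."""
    root = tempfile.mkdtemp()
    try:
        templates = os.path.join(root, "templates")
        os.mkdir(templates)
        with open(os.path.join(templates, "index.html"), "w") as fh:
            fh.write("<html>store front</html>")
        # Constructed stand-in for a cart config file one level above the
        # template directory; the content is invented for the example.
        with open(os.path.join(root, "quikstore.cfg"), "w") as fh:
            fh.write("pgp_key=/home/store/.pgp/secring.pgp\n")

        traversal = "../quikstore.cfg"
        leaked = vulnerable_read(templates, traversal)

        try:
            hardened_read(templates, traversal)
            traversal_blocked = False
        except PermissionError:
            traversal_blocked = True

        # An absolute path is rejected before open() is ever attempted, so
        # the target need not exist for the check to be exercised.
        try:
            hardened_read(templates, "/etc/passwd")
            absolute_blocked = False
        except PermissionError:
            absolute_blocked = True

        normal = hardened_read(templates, "index.html")
        return {
            "leaked": leaked,
            "traversal_blocked": traversal_blocked,
            "absolute_blocked": absolute_blocked,
            "normal": normal,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The essential point is that the comparison happens on the canonicalised path, not on the raw parameter: filtering the string for `..` is easy to defeat with encodings or symlinks, whereas `realpath` followed by a prefix check against the real base directory closes both routes.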
3. More problems
Many of the ways attackers get into a network are through the weakest
link in the chain. If a server hosts 1,000 sites and one site's script lets
an attacker read the password file, it is not only that site that is
endangered, but every other site located on the same machine.
BE CAREFUL WHAT YOU ALLOW FOR SCRIPTS.
The vendor has been contacted and will issue a fix soon.
NOTE: If you believe you are running a vulnerable version, please
contact your system administrator or ISP, or keep checking with the vendor
for patches and upgrades.
Published to the Public October 30th 2000
Copyright September 2000 Cgisecurity.com