Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Fri Feb 16 2001 - 01:14:01 CST
Thinking Arts LTD E-Commerce package comes
with a webstore frontend called store.cgi which
allows people to basically order products on their
website over a SQL database.
The vendors website is:
Problem: Simple Directory Traversal
Adding the string "/../" to an URL allows an attacker to
view any file on the server, and also list directories
within the server which the owner of the vulnerable
httpd has permissions to access. Remote execution
of commands does not apear to be possible with this
directory traversal bug, but directory listings are.
Please note that you do need the %00.html at the end
of your command.
^^ = Will obviously open the hosts file.
^^ = Will obviously list the /etc/ directory.
Vendor has been contacted. No reply from them yet,
and seeing only 3 sites who signed up for their dumb
service are affected, so it doesn't really matter now
b10z cgi advisory.
February 16th, 2001.