BugTraq
[CommerceSQL] Remote File Read Vulnerability Nov 23 2003 06:47PM
Mariusz Ciesla (craig tenbit pl)


CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs a specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd).

By using a prepared GET page variable, it allows a user to read remote files.

Example:

index.cgi?page=../../../../../../../../etc/passwd puts out your /etc/passwd on the screen of a potential attacker.

Vulnerable:

* All CommerceSQL Shopping Cart Versions

Exploits:

* Not needed

Patch:

* Not yet available

--

Mariusz "Craig" Cieśla <craig (at) tenbit (dot) pl [email concealed]>

getNet network administrator / security consultant
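
A containment check for the `page` parameter described in this advisory, added here as an example; it is not CommerceSQL's code, which the post does not show. `resolve_page`, `UnsafePage` and the directory layout are assumed names, and the sample requests are constructed.

```python
import os
import tempfile

class UnsafePage(ValueError):
    """Raised when a requested page resolves outside the page directory."""

def resolve_page(base_dir: str, page: str) -> str:
    """Map an untrusted `page` value to a regular file strictly inside base_dir."""
    if "\x00" in page:
        raise UnsafePage("NUL byte in page name")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks, so the
    # containment test runs on the path the OS would actually open.
    # An absolute `page` replaces base in join() and fails the same test.
    candidate = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePage(f"{page!r} escapes the page directory")
    if not os.path.isfile(candidate):
        raise UnsafePage(f"{page!r} is not a page file")
    return candidate

def demo() -> dict:
    """Run constructed requests against a throwaway directory tree."""
    requests = (
        "home.html",                           # legitimate page
        "../secret.txt",                       # one level up
        "../../../../../../../../etc/passwd",  # value from the advisory
        "/etc/passwd",                         # absolute path
        "link.html",                           # symlink pointing outside
    )
    results = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "home.html"), "w") as f:
            f.write("<h1>home</h1>")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as f:
            f.write("outside the page directory")
        os.symlink(secret, os.path.join(pages, "link.html"))
        for page in requests:
            try:
                resolve_page(pages, page)
                results[page] = "served"
            except UnsafePage:
                results[page] = "rejected"
    return results

if __name__ == "__main__":
    for page, verdict in demo().items():
        print(f"{verdict:9} {page}")
```

The check is made after canonicalisation rather than by filtering `../` out of the string, so encoded or nested traversal sequences that survive a filter still fail the containment test.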
