QuikStore Malformed File Request Path Disclosure

2003-12-23T19:41:29
ID OSVDB:15390
Type osvdb
Reporter Dr`Ponidi (drponidi@hackermail.com)
Modified 2003-12-23T19:41:29

Description

Vulnerability Description

QuikStore Shopping Cart contains a flaw that may lead to unauthorized information disclosure. The issue is triggered by a malformed request that passes a single quote ('), which causes an error message to be generated that discloses information, resulting in a loss of confidentiality.

Technical Description

http://[target]/cgi-bin/quikstore.cgi?store='

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, QuikStore has released a patch to address this vulnerability.
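
Requests matching the pattern in the Technical Description can be identified in web server access logs. The following is an added example, not part of the original advisory or of QuikStore: it assumes Apache combined log format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Dec/2003:19:41:29 +0000] "GET /cgi-bin/quikstore.cgi?store=' HTTP/1.0" 200 512 "-" "-"
192.0.2.11 - - [23/Dec/2003:19:42:00 +0000] "GET /cgi-bin/quikstore.cgi?store=demo&page=index.html HTTP/1.0" 200 4096 "-" "-"
192.0.2.12 - - [23/Dec/2003:19:43:10 +0000] "GET /cgi-bin/quikstore.cgi?page=x&store=%27 HTTP/1.1" 200 498 "-" "-"
192.0.2.13 - - [23/Dec/2003:19:44:05 +0000] "GET /cgi-bin/QuikStore.cgi?store=%2527 HTTP/1.1" 200 501 "-" "-"
192.0.2.14 - - [23/Dec/2003:19:45:00 +0000] "GET /index.html?store=' HTTP/1.1" 200 100 "-" "-"
"""

# client, timestamp, method, request target
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %2527 -> %27 -> ')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_quote_probes(log_text):
    """Return (client, timestamp, target) for quikstore.cgi requests
    whose 'store' parameter contains a single quote after decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, when, _method, target = m.groups()
        parts = urlsplit(target)
        # Compare case-insensitively: some servers ignore path case.
        if not parts.path.lower().endswith("/quikstore.cgi"):
            continue
        # parse_qsl decodes once; fully_decode handles nested encoding.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == "store" and "'" in fully_decode(value):
                hits.append((client, when, target))
                break
    return hits

if __name__ == "__main__":
    for client, when, target in find_quote_probes(SAMPLE_LOG):
        print(f"{when}  {client}  {target}")
```

A match shows only that the request was made; whether path information was disclosed depends on the response the server returned.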

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-12/0314.html
ISS X-Force ID: 14073
Bugtraq ID: 9282