Hassan Shopping Cart shop.cgi Arbitrary File Access

2000-10-07T00:00:00
ID OSVDB:1596
Type osvdb
Reporter f0bic(f0bic@deadprotocol.org)
Modified 2000-10-07T00:00:00

Description

Vulnerability Description

Hassan Shop Cart contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to "shop.cgi" not properly sanitizing user input, specifically directory-traversal sequences (../../) supplied via the "page" variable.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Hassan Shop Cart contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to "shop.cgi" not properly sanitizing user input, specifically directory-traversal sequences (../../) supplied via the "page" variable.

Manual Testing Notes

http://[victim]/cgi-bin/shop.cgi?page=../../../../etc/passwd
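The fix the advisory lacks is to treat "page" as a bare file name and verify that the resolved path stays inside the page directory; the same rule, run over access-log lines, flags requests like the one above. This is an added Python example, not code from Hassan Shop Cart or from the advisory; PAGES_ROOT, the function names and the log lines are assumed or constructed.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlparse

PAGES_ROOT = "/var/www/shop/pages"  # assumed directory holding the shop's page files
# A page is a bare file name: no "/" or "\", no NUL, nothing outside this set.
PAGE_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")

def normalise(value):
    """Percent-decode repeatedly (so %252e%252e is seen as '..') and treat backslash as '/'."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def resolve_page(page, root=PAGES_ROOT):
    """Absolute path for a page request, or None if unsafe: the name must pass the
    allowlist and the resolved path must still lie under root (catches symlink escapes)."""
    name = normalise(page)
    if not PAGE_NAME_RE.fullmatch(name) or name in (".", ".."):
        return None
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        return None
    return target

# Constructed Common Log Format lines for illustration (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [07/Oct/2000:10:15:02 +0000] "GET /cgi-bin/shop.cgi?page=contact.html HTTP/1.0" 200 1834
203.0.113.9 - - [07/Oct/2000:10:15:07 +0000] "GET /cgi-bin/shop.cgi?page=../../../../etc/passwd HTTP/1.0" 200 921
203.0.113.9 - - [07/Oct/2000:10:15:09 +0000] "GET /cgi-bin/shop.cgi?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.0" 200 921
"""

def flag_traversal_requests(log_text):
    """(client, page value) for every shop.cgi request whose page parameter resolve_page rejects."""
    hits = []
    for line in log_text.splitlines():
        m = re.match(r'(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) ', line)
        if not m:
            continue
        client, url = m.group(1), urlparse(m.group(2))
        if url.path.endswith("/shop.cgi"):
            for page in parse_qs(url.query).get("page", []):  # parse_qs decodes %2f once
                if resolve_page(page) is None:
                    hits.append((client, page))
    return hits
```

Double-encoded, backslash and NUL variants are rejected by the allowlist before any filesystem call, so the realpath check only has to catch symlinks placed inside the page directory.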

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Keyword: Directory Traversal
ISS X-Force ID: 5342
CVE-2000-0921
Bugtraq ID: 1777