X-Cart general.php Command Execution

2004-02-03T09:19:37
ID OSVDB:3808
Type osvdb
Reporter Philip (securityfocus@magicwebsolutions.co.uk)
Modified 2004-02-03T09:19:37

Description

Vulnerability Description

X-Cart contains a flaw that may allow a remote attacker to execute arbitrary commands. The 'general.php' script does not validate user-supplied input to the "perl_binary" variable. With a specially crafted URL request, a remote attacker could execute arbitrary commands with the privileges of the web server, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/admin/general.php?mode=perlinfo&config[General][perl_binary]=/bin/ls -lR ||
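
The request shape in the testing note above can be searched for in web server access logs. The following Python check is an added example, not part of the original advisory or of X-Cart's code: it flags any request to admin/general.php that supplies config[General][perl_binary], in raw or percent-encoded form. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry (assumed format).
# The target is matched greedily because an unencoded value may contain spaces.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+"')
PARAM = "config[General][perl_binary]"

def find_perl_binary_overrides(lines):
    """Return (client_ip, supplied_value) for each request that sets perl_binary."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/admin/general.php"):
            continue
        # parse_qsl percent-decodes names and values, so %5B/%5D forms match too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == PARAM:
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2004:09:20:01 +0000] "GET /admin/general.php?mode=perlinfo HTTP/1.0" 200 5120',
    '198.51.100.7 - - [03/Feb/2004:09:21:44 +0000] "GET /admin/general.php?mode=perlinfo&config[General][perl_binary]=/bin/ls -lR || HTTP/1.0" 200 9001',
    '198.51.100.7 - - [03/Feb/2004:09:22:03 +0000] "GET /admin/general.php?mode=perlinfo&config%5BGeneral%5D%5Bperl_binary%5D=%2Fbin%2Fls+-lR+%7C%7C HTTP/1.1" 200 9001',
    '203.0.113.5 - - [03/Feb/2004:09:23:10 +0000] "GET /cart.php?perl_binary=x HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, value in find_perl_binary_overrides(SAMPLE_LOG):
        print(f"{ip} supplied perl_binary={value!r}")
```

A legitimate client has no reason to pass this configuration value in the query string, so any hit is worth reviewing regardless of the value supplied.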

References:

Vendor URL: http://www.x-cart.com/
Secunia Advisory ID: 10783
Related OSVDB ID: 3809
Related OSVDB ID: 3810
Related OSVDB ID: 3811
Other Advisory URL: http://marc.theaimsgroup.com/?l=bugtraq&m=107582648326448&w=2
ISS X-Force ID: 15034
CVE-2004-0241
Bugtraq ID: 9560