ShopPlus shopplus.cgi Arbitrary Command Execution

2001-08-05T00:00:00
ID OSVDB:645
Type osvdb
Reporter OSVDB
Modified 2001-08-05T00:00:00

Description

Vulnerability Description

ShopCart Plus contains a flaw that allows a remote attacker to execute arbitrary commands. The flaw is due to no sanity checking on input supplied to the "file" variable. It is possible to supply a ";" and any valid unix command, which will be executed by the program.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Kabotie Software Technologies has released a patch to address this vulnerability.

Short Description

ShopCart Plus contains a flaw that allows a remote attacker to execute arbitrary commands. The flaw is due to no sanity checking on input supplied to the "file" variable. It is possible to supply a ";" and any valid unix command, which will be executed by the program.

Manual Testing Notes

host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid| host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|

References:

Vendor URL: http://www.ksofttech.com/shopplus.html Nessus Plugin ID:10774 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-09/0012.html ISS X-Force ID: 7077 CVE-2001-0992 Bugtraq ID: 3294