commerceSQL.txt

2003-11-25T00:00:00
ID PACKETSTORM:32264
Type packetstorm
Reporter Mariusz Ciesla
Modified 2003-11-25T00:00:00

Description

                                        
                                            `CommerceSQL shopping cart (http://commercesql.com) allows remote file reading. It only needs to specially prepared page variable in index.cgi to allow reading remote files (like /etc/passwd)  
  
By using prepared GET page variable it allows user to read remote files  
  
Example:  
With index.cgi?page=../../../../../../../../etc/passwd puts out your /etc/passwd on the screen of pottential attacker.  
  
Vulnerable:  
* All CommerceSQL Shopping Cart Versions  
  
Exploits:  
* Not needed  
  
Patch:  
* Not yet available  
  
--   
Mariusz "Craig" Cieśla <craig@tenbit.pl>  
getNet network administrator / security consultant  
  
`