new advisory

Type securityvulns
Reporter Securityvulns
Modified 2001-04-04T00:00:00


---=== UkR security team - Advisory ===---

uStorekeeper(tm) Online Shopping System - Runtime Script - 'arbitrary file retrieval' vulnerability

Date: 03.04.2001
Problem: input validation error.
Vulnerable products: version 1.61 (probably others, but not tested)
Product vendor: Microburst Technologies

Comment: '..' and '/' are not filtered while processing user input, so it is possible to enter arbitrary values to retrieve files from the remote server that should not normally be accessible (e.g., /etc/passwd).

Workaround:

this will help somewhat...

$input =~ s/[(\.\.)|\/]//g;

Author: XblP / UkR security team

Exploit:
Example:

Greets: my love Zemfirius, dev/ice security team, Legion2000 group, Void team, Acidfalz team, IHG team and other ppls.
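
What the workaround's substitution actually removes, next to a stricter allowlist-plus-containment check, as an added example that is not part of the original advisory or the vendor's code. The names `advisory_filter` and `safe_path`, the temporary document root and the sample inputs are constructed for illustration, and a Unix path separator is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# The advisory's workaround, unchanged. The brackets form a character class,
# so it deletes every '(', ')', '.', '|' and '/' rather than only ".." and "/".
# Traversal sequences are removed, but so is the dot in "catalog.html".
sub advisory_filter {
    my ($input) = @_;
    $input =~ s/[(\.\.)|\/]//g;
    return $input;
}

# Hypothetical stricter check: accept only a plain file name with an optional
# extension, then confirm the resolved path is still inside the document root
# (the realpath comparison also catches symlinks that point outside it).
sub safe_path {
    my ($root, $name) = @_;
    return unless defined $name
        && $name =~ /\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9]+)?\z/;
    my $base = realpath($root) or return;
    my $full = realpath(File::Spec->catfile($base, $name)) or return;
    return index($full, "$base/") == 0 ? $full : undef;
}

# Constructed demo: a temporary document root holding one page.
my $root = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($root, 'catalog.html'))
    or die "cannot create sample page: $!";
print {$fh} "demo\n";
close($fh);

# Constructed sample inputs: one legitimate name, two that leave the root.
for my $name ('catalog.html', '../../etc/passwd', '/etc/passwd') {
    my $path = safe_path($root, $name);
    printf "%-20s filter=%-14s allowlist=%s\n",
        "'$name'",
        "'" . advisory_filter($name) . "'",
        defined $path ? 'served' : 'rejected';
}
```

Rejecting a request outright, rather than rewriting it, keeps legitimate file names intact and leaves a clear event to log.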