Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2002-01-15T00:00:00



Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability

Type: Directory Traversal

Release Date: December 15, 2002

Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and order tracking.


Summary: A vulnerability exists in WS4D/eCommerce which could allow an unauthorized user to gain access to a known file residing on the target host.

This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "\" , is submitted to a host.

Example: http://host/%2f..%2f..%2f../ws4d.log.txt

And view webserver log file.

Tested: Windows 2000 / Web Server 4D/eCommerce 3.5.3

Vulnerable: Web Server 4D/eCommerce 3.5.3 (And may be other)

Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Authors: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net

Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE----- Version: PGP 7.1

iQA/AwUBPENen7uLpFMrXtywEQLnVQCdGhlNqNuWlluKNn+D7SXO2LyW9c8AoMNE XKb9PeN8Ro9jxsTVgHpLs7JC =bi0h -----END PGP SIGNATURE-----

============================================================================ Delivery co-sponsored by VeriSign - The Internet Trust Company ============================================================================ FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE When building an e-commerce site, you want to start with a strong, secure foundation. Learn how with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." See how you can authenticate your site to customers, use 128-Bit SSL encryption to secure your web servers, and accept secure payments online. Click here: http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000 ============================================================================