SecurityTracker.com
Category:   Application (Commerce)  >   Q-Shop
Vendors:   QuadComm, Inc
Q-Shop Shopping Cart Authentication Flaw Lets Remote Users Upload and Execute Arbitrary Code
SecurityTracker Alert ID:  1007155
SecurityTracker URL:  http://securitytracker.com/id/1007155
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 10 2003
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 2.5
Description:   A vulnerability was reported in the Q-Shop ASP-based shopping cart software. A remote user can upload and execute arbitrary code on the system.

Zone-H reported that the administrative page used to upload files to the server can be reached without authentication. The default location of the page is '/qshop/admin/upload.htm'.

A remote user can invoke this page to upload arbitrary code (for example, an ASP script) to the web server and then request the uploaded file, causing the web server to execute it with the privileges of the web server process.
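The following is an added detection example, not part of this SecurityTracker entry or of Q-Shop: it parses a constructed IIS W3C log excerpt and flags clients that were served the admin upload page with a 2xx status (i.e. without being challenged) and that afterwards requested an .asp script outside an assumed allowlist of the shop's own scripts.

```python
from collections import defaultdict

# Constructed IIS W3C extended log excerpt (sample data, not from the advisory).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-07-10 10:01:02 203.0.113.5 GET /qshop/default.asp 200
2003-07-10 10:02:11 203.0.113.5 GET /qshop/admin/upload.htm 200
2003-07-10 10:03:01 203.0.113.5 GET /qshop/upload/cmd.asp 200
2003-07-10 10:05:00 198.51.100.7 GET /qshop/admin/upload.htm 401
2003-07-10 10:06:00 198.51.100.7 GET /qshop/default.asp 200
"""

UPLOAD_PAGE = "/qshop/admin/upload.htm"  # default location named in the advisory
# Assumed allowlist of the shop's own scripts; build it from a clean install.
KNOWN_SCRIPTS = {"/qshop/default.asp"}


def parse_w3c(text):
    """Yield one dict per request line, naming columns from the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def find_upload_abuse(text):
    """Return (client, reason, uri) tuples for the two signals described above."""
    reached = set()      # clients that got the upload page without a 401/403
    findings = []
    for rec in parse_w3c(text):
        ip = rec["c-ip"]
        stem = rec["cs-uri-stem"].lower()
        status = rec["sc-status"]
        if stem == UPLOAD_PAGE and status.startswith("2"):
            reached.add(ip)
            findings.append((ip, "upload page served without auth", stem))
        elif ip in reached and stem.endswith(".asp") and stem not in KNOWN_SCRIPTS:
            findings.append((ip, "unknown .asp requested after upload access", stem))
    return findings


if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A 401 on the upload page means the server did challenge that client, so only 2xx responses are treated as evidence that the page is exposed.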

The vendor has reportedly been notified.

Impact:   A remote user can upload files containing scripting code to the web server and then cause the web server to execute the code.
Solution:   No solution was available at the time of this entry.

The author of the report has indicated that, as a workaround, you can disable the upload process.

Vendor URL:  quadcomm.com/qshop/
Cause:   Authentication error
Underlying OS:   Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 5 2003 (Vendor Issues Fix for Italian Version) Re: Q-Shop Shopping Cart Authentication Flaw Lets Remote Users Upload and Execute Arbitrary Code   (Supporto Q-SHOP <info@q-shop.it>)
A fix is available for the Italian Q-SHOP Euro version.

Source Message Contents

Date:  9 Jul 2003 15:27:21 -0000
Subject:  ZH2003-2SA (security advisory): QShop privilege escalation

ZH2003-2SA (security advisory): QShop privilege escalation
Published: 09/07/2003

Released: 09/07/2003

Name: QShop privilege escalation

Affected Systems: QShop v2.5 (and older versions?)

Issue: Remote attackers can obtain full access to the remote system

Author: G00db0y@zone-h.org

Description

***********

Zone-h Security Team has discovered a serious security flaw in QShop v2.5 
(and older versions?). This storefront system allows remote 
administration for an online shopping system. The remote administration 
usually is in the directory /qshop/admin.

Details

*******

Q-Shop is an ASP shopping cart / storefront system that covers all the 
needs for ecommerce web sites. Q-Shop is not just a shopping cart but a 
full online shop system including web based shop administration.

In the remote administration there is a script that allows the 
administrator to add images, text etc. on the webserver. This page is by 
default located at: /qshop/admin/upload.htm . This page is reachable 
without authentication. Using this sample upload script it is possible 
for a remote attacker to upload files like ntdaddy.asp, cmd.asp, 
explore.asp on the webserver gaining full access to the webserver.


Solution:

*********

The vendor has been contacted and a patch has not yet been produced.


Suggestions:

************

Delete the upload procedure.

G00db0y - www.zone-h.org admin

Original advisory: http://www.zone-h.org/en/advisories/read/id=2654/

Copyright 2013, SecurityGlobal.net LLC