ProfitCode Software PayProCart Directory Traversal Vulnerability
BID:13006
Info
ProfitCode Software PayProCart Directory Traversal Vulnerability
| Bugtraq ID: | 13006 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1005 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to Diabolic Crab <[email protected]>. |
| Vulnerable: |
ProfitCode Software PayProCart 3.0 |
| Not Vulnerable: | |
Discussion
ProfitCode Software PayProCart Directory Traversal Vulnerability
ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks.
It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter.
Reportedly, the attacker can gain access to file owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.
PayProCart versions 3.0 is affected by this issue. Other versions may be affected as well.
ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks.
It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter.
Reportedly, the attacker can gain access to file owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.
PayProCart versions 3.0 is affected by this issue. Other versions may be affected as well.
Exploit / POC
ProfitCode Software PayProCart Directory Traversal Vulnerability
An exploit is not required.
The following proof of concept can allow an attacker to gain administrative access to the application:
http://www.example.com/adminshop/index.php?proMod=index&amp%3bftoedit=..%2fshopincs%2fmaintopENG
An exploit is not required.
The following proof of concept can allow an attacker to gain administrative access to the application:
http://www.example.com/adminshop/index.php?proMod=index&amp%3bftoedit=..%2fshopincs%2fmaintopENG
Solution / Fix
ProfitCode Software PayProCart Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
ProfitCode Software PayProCart Directory Traversal Vulnerability
References:
References:
- Authenticaion bypass, Directory transversal and XSS vulnerabilities in PayProCar (Diabolic Crab)
- PayProCart Product Page (ProfitCode Software)