Extropia WebStore Directory Traversal Vulnerability
BID:1774
Info
Extropia WebStore Directory Traversal Vulnerability
| Bugtraq ID: | 1774 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 09 2000 12:00AM |
| Updated: | Oct 09 2000 12:00AM |
| Credit: | Posted to Bugtraq on October 9, 2000 by f0bic <[email protected]>. |
| Vulnerable: |
Extropia WebStore 2.0 Extropia WebStore 1.0 |
| Not Vulnerable: | |
Discussion
Extropia WebStore Directory Traversal Vulnerability
Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript.
The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used.
For example if the following URL was requested, the file in question would not be delivered to the user:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename.ext
However, by using the escaped character "%00", the requested file would be accessed successfully:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
Successful exploitation could lead to a remote intruder gaining read access to any known file.
Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript.
The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used.
For example if the following URL was requested, the file in question would not be delivered to the user:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename.ext
However, by using the escaped character "%00", the requested file would be accessed successfully:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
Successful exploitation could lead to a remote intruder gaining read access to any known file.
Exploit / POC
Extropia WebStore Directory Traversal Vulnerability
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
Solution / Fix
Extropia WebStore Directory Traversal Vulnerability
Solution:
According to Extropia, the latest release of WebStore is not affected by this vulnerability.
http://www.extropia.com/download.html
Solution:
According to Extropia, the latest release of WebStore is not affected by this vulnerability.
http://www.extropia.com/download.html
References
Extropia WebStore Directory Traversal Vulnerability
References:
References:
- WebStore Product Homepage (Extropia)