Quikstore File Disclosure Vulnerability
BID:2049
Info
Quikstore File Disclosure Vulnerability
| Bugtraq ID: | 2049 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 20 2000 12:00AM |
| Updated: | Nov 20 2000 12:00AM |
| Credit: | Reported to Bugtraq by zenomorph/"[email protected]" <[email protected]> on Mon, 20 Nov 2000. |
| Vulnerable: |
Quikstore Quikstore 2.9.10 Quikstore Quikstore 2.9.5 Quikstore Quikstore 2.0 |
| Not Vulnerable: | |
Discussion
Quikstore File Disclosure Vulnerability
A vulnerability exists in several versions of Quikstore Shopping Cart, an ecommerce script from i-Soft.
A failure to properly validate user-supplied input can lead the script to disclose files not normally available to a remote user.
This could include any world-readable file on the affected host, including password files, server configuration information, credit card information and business models, and other sensitive data.
A vulnerability exists in several versions of Quikstore Shopping Cart, an ecommerce script from i-Soft.
A failure to properly validate user-supplied input can lead the script to disclose files not normally available to a remote user.
This could include any world-readable file on the affected host, including password files, server configuration information, credit card information and business models, and other sensitive data.
Exploit / POC
Quikstore File Disclosure Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Quikstore File Disclosure Vulnerability
Solution:
Quikstore contacted Security-Focus.com with the following fix information:
As of 12/20/2000 a security patch has been created for this File Disclosure Vulnerability and is available to any registered Quikstore user by simply sending an email to <[email protected]>. If the customer is uncomfortable installing this patch, we will be happy to install it for them.
Solution:
Quikstore contacted Security-Focus.com with the following fix information:
As of 12/20/2000 a security patch has been created for this File Disclosure Vulnerability and is available to any registered Quikstore user by simply sending an email to <[email protected]>. If the customer is uncomfortable installing this patch, we will be happy to install it for them.
References
Quikstore File Disclosure Vulnerability
References:
References: