Happymall versions 4.3 and 4.4 are still susceptible to well-known directory traversal and cross-site scripting vulnerabilities.
2160d0ca9967b7f3be732542f6b644d9b3909f0a8887c019ce26db04d69ab92dHappymall E-Commerce Directory Transversal Bug and Cross-site scripting
Vendor: Happycgi.com
Product: Happymall
Versions: 4.3, 4.4 (patched version too)
'normal_html.cgi' doesn't filter user-supplied input. The well-known directory transversal
and cross-site scripting (XSS) vulnerabilities are present in Happymall (patched version too).
The impact is that attackers can read files on the system and use XSS tricks to steal
cookies and other informations.
An example: /shop/normal_html.cgi?file=../../../../../../etc/issue%00
/shop/normal_html.cgi?file=<script>alert("XSS")</script>
Even happycgi.com is vulnerable to these bugs.
Solution: I have contacted CERTCC-KR.
Greetings: y0Rk, iplogd, rfds, VUGO, psaux, romer, cronus, Sh0dan, jo3y_, psyc, Red_Hat
BoLoDoRio, c7g, C0VER, SaintsLD, sarkastics, B_Real and #xcorp @ BRASNet :)
Julio "e2fsck" Cesar, <e2fsck@bol.com.br>
e2fsck @ irc.brasnet.org
san dimas high school football rules
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed