[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dansie Shopping Cart Discloses Installation Path to Remote Users

To: bugtraq@securityfocus.com
Subject: Dansie Shopping Cart Discloses Installation Path to Remote Users
From: "Dr`Ponidi Haryanto" <drponidi@hackermail.com>
Date: Sun, 26 Oct 2003 23:45:33 +0800

Indonesia Security Development Team Advisory


Dansie Shopping Cart Discloses Installation Path to Remote Users
================================================================

     Advisory Name: Dansie Shopping Cart Discloses Installation Path to Remote 
Users
      Release Date: 5:21 AM 10/20/03
       Application: Dansie Shopping cart
            Author: Dr`Ponidi <drponidi@kecoak.org>     
       Discover by: Dr`Ponidi <drponidi@kecoak.org>
  Acknowledgments : Vulnerability discovery, exploit code, and advisory by 
Dr`Ponidi
     Vendor Status: The vendor has been contacted and a patch is not yet 
produced
        Vendor URL: http://www.dansie.net/cart.html
         Reference: http://drponidi.5u.com/advisory.htm
         Greetz to: #indohack #k-elektronik #c|c #dhegleng @ dal.net


[Details]
A remote user can reportedly send request to cause the system
to display an error message that indicates the installation path.
It's possible to make a malformed http request for many files in
Dansie Shopping Cart and in doing so trigger an error.
The resulting error message will disclose potentially sensitive installation
path information to the remote attacker.


[Proof of Concept]
http://www.site.com/cgi-bin/cart.pl?db='


[Suggestions]
Filter all files.


[About Indonesia Security Development Team]
Indonesia Security Development Team, research and develop intelligent, advanced 
application
security assessment.Based in Indonesia, Indonesia Security Development Team 
offers best of
breed security consulting services, specialising in shopping carts software and 
network
security assessments.We provides security information and patches for use by 
the entire
security network community.

This information is provided freely to all interested parties and may be 
redistributed
provided
that it is not altered in any way, Author is appropriately credited and the 
document retains.

Indonesia Security Development Team Advisory:
http://drponidi.5u.com/advisory.htm

________________________________________________________________
Dr`Ponidi <drponidi@kecoak.org>
Original document can be fount at http://drponidi.5u.com/advisory.htm


-- 
_______________________________________________
Get your free email from http://www.hackermail.com

Powered by Outblaze

Prev by Date: Re: Internet Explorer and Opera local zone restriction bypass
Next by Date: Some serious security holes in 'The Bat!'
Previous by thread: Re: a dangerous fast spreading (yet simple) trojan horse.
Next by thread: Some serious security holes in 'The Bat!'
Index(es):
- Date
- Thread