[CommerceSQL] Remote File Read Vulnerability
CommerceSQL shopping cart (http://commercesql.com) allows remote file reading.
It only needs to specially prepared page variable in index.cgi to allow reading
remote files (like /etc/passwd)
By using prepared GET page variable it allows user to read remote files
Example:
With index.cgi?page=../../../../../../../../etc/passwd puts out your
/etc/passwd on the screen of pottential attacker.
Vulnerable:
* All CommerceSQL Shopping Cart Versions
Exploits:
* Not needed
Patch:
* Not yet available
--
Mariusz "Craig" Cieśla <craig@xxxxxxxxx>
getNet network administrator / security consultant