CVE-2004-0293
CVSS 5.0
Published: 2004-11-23 00:00:00
Last modified: 2016-10-17 22:43:19

[Original] Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.


[CNNVD] ShopCartCGI Remote File Disclosure Vulnerability (CNNVD-200411-116)

        
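ShopCartCGI is a script package for conveniently designing and maintaining your own web shopping system.
Some ShopCartCGI scripts do not sufficiently filter user-submitted URI requests; a remote attacker can exploit this vulnerability to view the contents of arbitrary files on the system with the privileges of the web server.
Submitting data containing multiple '../' sequences to the 'gotopage.cgi' and 'genindexpage.cgi' scripts bypasses the web root restriction and allows the contents of arbitrary system files to be viewed with the privileges of the web process.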
        

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

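- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found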

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0293
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0293
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-116
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=107703602707450&w=2
(UNKNOWN)  BUGTRAQ  20040217 ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote
http://www.securityfocus.com/bid/9670
(VENDOR_ADVISORY)  BID  9670
http://www.zone-h.org/en/advisories/read/id=3962/
(UNKNOWN)  MISC  http://www.zone-h.org/en/advisories/read/id=3962/
http://xforce.iss.net/xforce/xfdb/14982
(VENDOR_ADVISORY)  XF  shopcartcgi-dotdot-directory-traversal(14982)

- Vulnerability information

ShopCartCGI Remote File Disclosure Vulnerability
Medium risk Input validation
2004-11-23 00:00:00 2005-10-20 00:00:00
Remote
        
        

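- Advisories and patches

Vendor patch:
ShopCartCGI
-----------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software keep watching the vendor's home page for the latest version:

http://www.ggmate.com/ShopCartCGISoftware/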

- Vulnerability information (23705)

ShopCartCGI 2.3 gotopage.cgi Traversal Arbitrary File Access (EDBID:23705)
cgi webapps
2004-02-16 Verified
0 G00db0y
N/A
source: http://www.securityfocus.com/bid/9670/info

It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input.

Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

http://www.example.com/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd		

- Vulnerability information (23706)

ShopCartCGI 2.3 genindexpage.cgi Traversal Arbitrary File Access (EDBID:23706)
cgi webapps
2004-02-16 Verified
0 G00db0y
N/A
source: http://www.securityfocus.com/bid/9670/info
 
It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input.
 
Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

http://www.example.com/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd		

- Vulnerability information

3978
ShopCartCGI gotopage.cgi Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability description

ShopCartCGI contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "gotopage.cgi" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "+" variable.

- Timeline

2004-02-17 Unknown
2004-02-17 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ShopCartCGI Remote File Disclosure Vulnerability
Input Validation Error 9670
Yes No
2004-02-16 12:00:00 2009-07-12 03:06:00
Disclosure of this issue is credited to G00db0y.

- Affected software versions

Voice Of Web AllMyVisitors 0.4
Voice Of Web AllMyVisitors 0.3
ShopCartCGI ShopCartCGI 2.3
ShopCartCGI ShopCartCGI 2.4

- Unaffected software versions

ShopCartCGI ShopCartCGI 2.4

- Vulnerability discussion

It has been reported that ShopcartCGI is prone to a remote file disclosure vulnerability. This issue is due to insufficient validation of user-supplied input.

Upon successful exploitation of this issue an attacker may be able to gain access to sensitive system files, potentially facilitating further attacks.

- Exploit

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/directory/gotopage.cgi?13686+/../../../../../../../../../../../../../../../../etc/passwd

http://www.example.com/directory/genindexpage.cgi?13687+Home+/../../../../../../../../../../../../../../../../etc/passwd

- Solution

The vendor has released an update to address this issue:


ShopCartCGI ShopCartCGI 2.3

- Related references

 

 
