[原文]ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.
PayProCart contains an input validation error in the authentication process that
may allow a malicious user to bypass authentication and access the administrative
control panel. The flaw exists because the application does not validate the
'ftoedit' parameter containing directory traversal style characters (ie: /../) upon submission to the 'adminshop/index.php' script.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery is credited to Diabolic Crab <email@example.com>.
ProfitCode Software PayProCart 3.0
ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks.
It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter.
Reportedly, the attacker can gain access to file owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.
PayProCart versions 3.0 is affected by this issue. Other versions may be affected as well.
An exploit is not required.
The following proof of concept can allow an attacker to gain administrative access to the application:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.