[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
From: h4cky0u <h4cky0u.org@xxxxxxxxx>
Date: Mon, 19 Sep 2005 01:07:03 +0530

The ORIGINAL ADVISORY to the whole issue could be found at -
 http://h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt

 On 9/19/05, h4cky0u <h4cky0u.org@xxxxxxxxx> wrote: 
> 
>  ------------------------------------------------------
>       HYA-2005-008 h4cky0u.org <http://h4cky0u.org/> Advisory 008
> ------------------------------------------------------
> Date - Mon Sep 19 2005
> 
> 
> TITLE:
> ======
> 
> Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
> 
> 
> SEVERITY:
> =========
> 
> Medium
> 
> 
> SOFTWARE:
> =========
> 
> Alstrasoft EPay Pro v2.0 and prior
> 
> 
> INFO:
> =====
> 
> EPay Pro is the ultimate software solution for those who wish to run their 
> own  Paypal, Stormpay, or e-gold type of online business. Epay Pro comes with 
> a ready out of the box website with all the features you need to run your own 
> payment gateway system.
> 
> Support Website : http://www.alstrasoft.com/epay.htm
> 
> 
> BUG DESCRIPTION:
> ================
> 
> EPay Pro version 2.0 and prior are vulnerable caused by an improper 
> validation of user-supplied input. A remote attacker could embed in the 
> index.php etc/passwd containing embedded code in the payment or send 
> parameter which, once the link is clicked, would be executed to see passwords 
> within the security context of the hosting server. An attacker could use this 
> vulnerability to see all the victim's password authentication credentials.
> 
> 
> POC:
> ====
> 
> Here is an example:
> http://targeturl/index.php?read=../../../../../../../../../../../../../../etc/passwd
> 
> 
> VENDOR STATUS:
> ==============
> 
> Vendor has been contacted but no response recieved till date.
> 
> 
> FIX:
> ====
> 
> No fix available as of date.
> 
> 
> CREDITS:
> ========
> 
> This vulnerability was discovered and researched by
> GeMe-GeMeS of h4cky0u Security Forums.
> 
> 
> mail : GeMeGeMeS at Gmail.Com
> 
> web : http://www.h4cky0u.org
> 
> -- 
> http://www.h4cky0u.org
> (In)Security at its best... 
> 



-- 
http://www.h4cky0u.org
(In)Security at its best...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
  - From: h4cky0u

Prev by Date: [Full-disclosure] Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
Next by Date: [Full-disclosure] [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow
Previous by thread: [Full-disclosure] Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability
Next by thread: [Full-disclosure] [ GLSA 200509-11 ] Mozilla Suite, Mozilla Firefox: Buffer overflow
Index(es):
- Date
- Thread