Phase:EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
ReferencesBUGTRAQ:Sunday, February 27, 2000 EZ Shopper 3.0 shopping cart CGI remote command execution | URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0356.html | BID:1014 | URL:http://www.securityfocus.com/bid/1014
Votes:Proposed (Wednesday, March 22, 2000)
Comments: ACCEPT(2) Ozancin, Levy | MODIFY(1) Frech | NOOP(6) Christey, Blake, LeBlanc, Wall, Baker, Cole
F7: Christey> Since EZShopper is written in Perl, there is strong evidence | that both the .. and metacharacter attack probably go | through the same insecure open() call. (Perl's open can | either read a regular file, or read piped output from | a command that is specified to the open). | Frech> XF:ezshopper-loadpage-cgi(4044)