Signature Detail
Short Name |
HTTP:CGI:EXTROPIA-DIR-TRAVERSAL |
|---|---|
Severity |
Low |
Recommended |
No |
Category |
HTTP |
Keywords |
eXtropia WebStore Directory Traversal |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: eXtropia WebStore Directory Traversal
This signature detects directory traversal attempts that exploit the Web_store.cgi script vulnerability in Extropia. Attackers can access arbitrary files on the Web server.
Extended Description
Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript. The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used. For example if the following URL was requested, the file in question would not be delivered to the user: http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename.ext However, by using the escaped character "%00", the requested file would be accessed successfully: http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext Successful exploitation could lead to a remote intruder gaining read access to any known file.
Affected Products
- Extropia WebStore 1.0.0
- Extropia WebStore 2.0.0
References
- BugTraq: 1774
- CVE: CVE-2000-1005