Title: Extropia WebStore Directory Traversal Vulnerability
Severity: MODERATE
Description:
Extropia WebStore is an e-commerce shopping cart application consisting of routines for error handling, order processing, encrypted mailing, frames, Javascript and VBscript.
The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used.
For example if the following URL was requested, the file in question would not be delivered to the user:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename.ext
However, by using the escaped character "%00", the requested file would be accessed successfully:
http://target/cgi-bin/Web_Store/web_store.cgi?page=../../../path/filename%00ext
Successful exploitation could lead to a remote intruder gaining read access to any known file.
Affected Products:
- Extropia WebStore 1.0.0
- Extropia WebStore 2.0.0
References:
- Extropia: WebStore Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
