SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability


Arrow  SecurityAlert : 13
Arrow  CVE : CVE-2005-3026
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : h4cky0u gmail com
Arrow  Published : 19.09.2005

Arrow  Affected Software : Alstrasoft Epay Pro 2.0 and prior



Arrow  Advisory Content :  

------------------------------------------------------
HYA-2005-008 h4cky0u.org Advisory 008
------------------------------------------------------
Date - Mon Sep 19 2005

TITLE:
======

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability

SEVERITY:
=========

Medium

SOFTWARE:
=========

Alstrasoft EPay Pro v2.0 and prior

INFO:
=====

EPay Pro is the ultimate software solution for those who wish to run their
own Paypal, Stormpay, or e-gold type of online business. Epay Pro comes
with a ready out of the box website with all the features you need to run
your own payment gateway system.

Support Website : http://www.alstrasoft.com/epay.htm

BUG DESCRIPTION:
================

EPay Pro version 2.0 and prior are vulnerable caused by an improper
validation of user-supplied input. A remote attacker could embed in the
index.php etc/passwd containing embedded code in the payment or send
parameter which, once the link is clicked, would be executed to see
passwords within the security context of the hosting server. An attacker
could use this vulnerability to see all the victim's password
authentication credentials.

POC:
====

Here is an example:

http://targeturl/index.php?read=../../../../../../../../../../../../../.
./etc/passwd

VENDOR STATUS:
==============

Vendor has been contacted but no response recieved till date.

FIX:
====

No fix available as of date.

CREDITS:
========

This vulnerability was discovered and researched by
GeMe-GeMeS of h4cky0u Security Forums.

mail : GeMeGeMeS at Gmail.Com

web : http://www.h4cky0u.org

ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass
Copyright © SecurityReason.com. All Rights Reserved.