SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability


Arrow  SecurityAlert : 13
Arrow  CVE : CVE-2005-3026
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : h4cky0u gmail com
Arrow  Published : 19.09.2005

Arrow  Affected Software : Alstrasoft Epay Pro 2.0 and prior



Arrow  Advisory Content :  

------------------------------------------------------
HYA-2005-008 h4cky0u.org Advisory 008
------------------------------------------------------
Date - Mon Sep 19 2005

TITLE:
======

Alstrasoft Epay Pro 2.0 and prior Directory Traversal Vulnerability

SEVERITY:
=========

Medium

SOFTWARE:
=========

Alstrasoft EPay Pro v2.0 and prior

INFO:
=====

EPay Pro is the ultimate software solution for those who wish to run their
own Paypal, Stormpay, or e-gold type of online business. Epay Pro comes
with a ready out of the box website with all the features you need to run
your own payment gateway system.

Support Website : http://www.alstrasoft.com/epay.htm

BUG DESCRIPTION:
================

EPay Pro version 2.0 and prior are vulnerable caused by an improper
validation of user-supplied input. A remote attacker could embed in the
index.php etc/passwd containing embedded code in the payment or send
parameter which, once the link is clicked, would be executed to see
passwords within the security context of the hosting server. An attacker
could use this vulnerability to see all the victim's password
authentication credentials.

POC:
====

Here is an example:

http://targeturl/index.php?read=../../../../../../../../../../../../../.
./etc/passwd

VENDOR STATUS:
==============

Vendor has been contacted but no response recieved till date.

FIX:
====

No fix available as of date.

CREDITS:
========

This vulnerability was discovered and researched by
GeMe-GeMeS of h4cky0u Security Forums.

mail : GeMeGeMeS at Gmail.Com

web : http://www.h4cky0u.org

ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYA-2005-008-alstrasoft-epay-pro.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.