-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability Type: Directory Traversal Release Date: December 15, 2002 Product / Vendor: Web Server 4D/eCommerce is a single application that includes a shopping cart, credit card authorization, and order tracking. http://www.mdg.com Summary: A vulnerability exists in WS4D/eCommerce which could allow an unauthorized user to gain access to a known file residing on the target host. This is achievable if a specially crafted URL composed of double dot "../" directory traversal sequences, with Unicode character representations substituted for "/" and "\" , is submitted to a host. Example: http://host/%2f..%2f..%2f../ws4d.log.txt And view webserver log file. Tested: Windows 2000 / Web Server 4D/eCommerce 3.5.3 Vulnerable: Web Server 4D/eCommerce 3.5.3 (And may be other) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Authors: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPENdabuLpFMrXtywEQLOCgCg/fKnofIyIbi7KqlTnRoMUVXgcD0AoLaQ osdsCpw+VjAmliVWZveqtScr =V6Of -----END PGP SIGNATURE-----
