1. /
  2. Security Response/
  3. Quikstore File Disclosure Vulnerability

Quikstore File Disclosure Vulnerability

Risk

High

Date Discovered

November 20, 2000

Description

A vulnerability exists in several versions of Quikstore Shopping Cart, an ecommerce script from i-Soft. A failure to properly validate user-supplied input can lead the script to disclose files not normally available to a remote user. This could include any world-readable file on the affected host, including password files, server configuration information, credit card information and business models, and other sensitive data.

Technologies Affected

  • Quikstore Quikstore 2.0.0
  • Quikstore Quikstore 2.9.10
  • Quikstore Quikstore 2.9.5
Quikstore contacted Security-Focus.com with the following fix information: As of 12/20/2000 a security patch has been created for this File Disclosure Vulnerability and is available to any registered Quikstore user by simply sending an email to <security@quikstore.com>. If the customer is uncomfortable installing this patch, we will be happy to install it for them.

References

Credits

Reported to Bugtraq by zenomorph/"admin@cgisecurity.com" on Mon, 20 Nov 2000.
Copyright © Symantec Corporation.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Threat Intelligence

Subscribe
Follow the Threat Intelligence Twitter feed
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver