$Id: bosen-adv.1,v1 18/05/2003 bosen Exp $ 1ndonesian Security Team (1st) Bosen Advisory #1 qShop Session Handling Vuln 18/05/2003 [1st] qShop Session Handling Vulnerability & Exploit _______________________________________________________________________________ 1ndonesian Security Team (1st) http://www.bosen.net/releases/ =============================================== !PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE!!PRIVATE! qShop Session Handling vulnerability Severity : High Systems Affected: qShop v2.5 Vendor URL : http://quadcomm.com/qshop/ Bug Type : CGI - Session Handling Status : NEW - URGENT Author : Bosen Acknowledgments : Vulnerability discovery, exploit code, and advisory by Bosen Greetz to : AresU, Tioeuy, syzwz, sakitjiwa, muthafuka, gembul and all #hackers@austnet.org/centrin.net.id Vendor Response : Not Contacted (this is urgent releases!) Summary ======= From http://quadcomm.com/qshop/ "Q-Shop is the all ASP shopping cart / storefront system that covers all your needs for ecommerce web sites. Q-Shop is not just a shopping cart but a full online shop system including web based shop administration." The vulnerability lies on /admin/orders.asp Solution ======== Protect /admin site with htpasswd. Acknowledgments =============== Vulnerability discovery and advisory by Bosen Vendor Response =============== Vendor has not been contacted. (Urgent Releases) Exploit Code ============ goto vulnerble site like http://target/qshop/admin/orders.asp b00m ;) Bosen ====================== Original document can be fount at http://bosen.net/releases/?id=27