COMMAND
iHTML Merchant
SYSTEMS AFFECTED
iHTML Merchant for Unix/Windows 95/98/NT
PROBLEM
Following is based on Team Asylum Security Advisory. iHTML
Merchant, written by Inline Internet Systems Inc., is an
e-commerce solution programmed in iHTML which allows complicated
web programming tasks to be done by anyone with basic knowledge
of HTML and their web server of choice. Over 2,700 online
merchants run iHTML Merchant. In turn, they can run dozens more
stores off that single product.
Team Asylum has discovered a vulnerability that exists in iHTML
Merchant which would allow a malicious hacker to (at the very
least) view the protected files in the website's administrative
section, giving the attacker the ability to view credit card
information. If the iHTML Merchant is being run on Windows
95/98/NT the vulnerability is much more severe. The vulnerability
exists in how iHTML Merchant parses code. The attacker could:
1) Delete any file on the server
2) Write a file to any folder on the server.
3) Upload a trojan.
4) Steal credit card numbers, and other hidden information.
If the iHTML Merchant is being run on UNIX, the possibility exists
that the web site could be altered. These findings reflect
the default settings for 95/98/NT and iHTML Merchant.
SOLUTION
Inline Internet Systems has released patches for the "feedback
vulnerability" in iHTML Merchant. Patches:
http://www.ihtmlmerchant.com/support_patches_feedback.htm
Advisory:
http://www.team-asylum.com/advisories/files/09-16-99-ihtml.txt
Below is a temporary fix that can be integrated with iHTML
Merchant:
<iEQ name="brac" value=<iSTRIN SRC=":email" DST="<">>
<iIF NOTCOND=<iSTRNICMP SRC=:brac DST="0">>
For security reasons, your message was not sent.<br>Please verify that you
entered your email address correctly, by going <a
href="javascript:history.back(1)">back</a><br>
<iinclude name="template/footer.ihtml">
<iSTOP>
</iIF>