[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4482F533.3060200@vonostingroup.com>
Date: Sun, 04 Jun 2006 10:58:59 -0400
From: Frank Laszlo <laszlof@...ostingroup.com>
To: zeus olimpusklan <zeus.olimpusklan@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
admin@...e-h.org, org@...urity.nnov.ru
Subject: Re: bug in oscomerce
this would require access to the administrator panel to work, how is
this a vuln?
zeus olimpusklan wrote:
> ###########################################################################
> #Advisory #2 Title: file Modification in osCommerce
> #
> #
> # Author: 0o_zeus_o0
> # Contact: zeus@...sdelared.com <mailto:zeus@...sdelared.com>
> # Website: olimpusklan.org <http://olimpusklan.org>
> # Date: 27/12/2005
> # Risk: High
> # Vendor Url: http://www.oscommerce.com/
> # Affected Software: osCommerce
> # Non Affected:
> #
> # We Are: Olimpus KlaN
> #
> #TECHNICAL INFO
> #================================================================
> #
> #it is simple to operate bug as long as the file file_manager.php
> #exists in the administration panel.
> #
> #thanks to this file we can visualize archives such as configure.php
> #bug is serious since if the file has permissions of writing can modify
> #the site or to accede to the FTP of the same one
> #
> #BUG
> #================================================================
> #http://www.site.org/admin/file_manager.php
> #http://www.site.org/admin/file_manager.php?info=archive.php&action=edit
> #http://www.site.org/admin/file_manager.php?info= archive.php&action=edit
> #
> #VULNERABLE VERSIONS
> #================================================================
> # All
> #
> #
> #================================================================
> Contact information
> #0o_zeus_o0
> #zeus@...sdelared.com <http://diosdelared.com>
> #www.olimpusklan.org
> #================================================================
> #greetz: lady fire, fraude, adi, xoxo , pandora, mbyte , S.s.m.
> ##############################################################################
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists