New osCommerce Bug (serious)

Written by: burt
Date: July 20, 2005
Filed under: osCommerce

http://online.securityfocus.com/bid/14294/info

osCommerce is prone to an information disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the Web server process.

Successful exploitation would result in information disclosure. Information obtained could be used to aid in further attacks against the underlying system; other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable.

Exploit:
http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd

Solution:
Remove the "extras" folder as this is not needed to run osCommerce.

In plain English:
This exploit allows an attacker to view files on the server that are not part of osCommerce, and could theoretically let the attacker hack the server.
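
To check whether a site has already received this kind of request, search the web server access log for hits on extras/update.php that carry a readme_file parameter. The script below is an added example, not part of the original post or of osCommerce; it assumes Apache combined log format, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed format: Apache combined log (host ident user [time] "request" status ...)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_update_php_hits(lines):
    """Return one record per request to extras/update.php that sets readme_file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        parts = urlsplit(m["target"])
        # Decode and lowercase the path so encoded or mixed-case variants match.
        path = unquote(parts.path).lower()
        if not path.endswith("/extras/update.php"):
            continue
        # parse_qs percent-decodes both parameter names and values.
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("readme_file", []):
            hits.append({
                "ip": m["ip"],
                "time": m["time"],
                "status": int(m["status"]),
                "file": value,
                # HTTP 200 means the script still exists and answered.
                "served": m["status"] == "200",
            })
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jul/2005:11:02:13 +0000] "GET /catalog/extras/update.php?readme_file=/etc/passwd HTTP/1.1" 200 1432 "-" "-"',
    '203.0.113.9 - - [20/Jul/2005:11:03:40 +0000] "GET /catalog/index.php?cPath=1 HTTP/1.1" 200 8120 "-" "-"',
    '198.51.100.7 - - [21/Jul/2005:09:15:02 +0000] "GET /catalog/extras/update.php?readme_file=%2Fetc%2Fpasswd HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [21/Jul/2005:09:20:11 +0000] "GET /catalog/extras/update.php HTTP/1.1" 404 209 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_update_php_hits(SAMPLE_LOG):
        state = "SERVED" if hit["served"] else "not served"
        print(f'{hit["time"]} {hit["ip"]} readme_file={hit["file"]} '
              f'HTTP {hit["status"]} ({state})')
```

A hit with status 200 means the script was still present when the request arrived; a 404 is what the log shows once the "extras" folder has been removed.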

Comments

  1. Comment by WizardsandWars — July 20, 2005 @ 11:45 am

    Wow, that's an ugly one.

    I'll put that one up there with the 'change the language and make the prices all $0' exploit.

    There's another bug that does something similar to this one, where using it could allow you to view all files on the server, even outside of your account, but I don't remember off the top of my head what it is. I'll look it up and post it here later.
