Quick.Cart *config[db_type]* Local File Inclusion Vulnerabilities

Posted on Tuesday, December 05, 2006 @ 11:48:48 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA23168

VERIFY ADVISORY: http://secunia.com/advisories/23168/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

SOFTWARE: Quick.Cart 2.x - http://secunia.com/product/12801/

DESCRIPTION: r0ut3r has reported some vulnerabilities in Quick.Cart, which can be exploited by malicious people to disclose sensitive information. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled. The vulnerabilities are reported in version 2.0. Other versions may also be affected. Input passed to the "config[db_type]" parameter in multiple files is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Examples:

http://[host]/actions_admin/categories.php?config[db_type]=[file]
http://[host]/actions_admin/couriers.php?config[db_type]=[file]
http://[host]/actions_admin/orders.php?config[db_type]=[file]
http://[host]/actions_admin/other.php?config[db_type]=[file]
http://[host]/actions_admin/product.php?config[db_type]=[file]
http://[host]/actions_client/gallery.php?config[db_type]=[file]
http://[host]/actions_client/orders.php?config[db_type]=[file]
http://[host]/actions_client/products.php?config[db_type]=[file]

SOLUTION: The vendor recommends to set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY: r0ut3r
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 481,640,559
  • Today: 7,861
Server InfoServer Info
  • Mar 29, 2024
  • 06:01 am UTC