Ravens PHP Scripts

Zen Cart Administration Security Bypass Vulnerability
Date: Wednesday, June 24, 2009 @ 21:20:50 PDT
Topic: Security


SECUNIA ADVISORY ID: SA35550

VERIFY ADVISORY: http://secunia.com/advisories/35550/

CRITICAL: Moderately Critical

DESCRIPTION: A vulnerability has been discovered in Zen Cart, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is confirmed in version 1.3.8a (full fileset 12112007). Other versions may also be affected.



The vulnerability is caused due to the application not properly restricting access to the administration panel. This can be exploited to access certain administrative functions, which can used to e.g. conduct SQL injection attacks and upload and execute arbitrary PHP code.

Note: Successful exploitation requires that the "admin" folder was not correctly renamed during the installation process.

SOLUTION: Apply patch: http://www.zen-cart.com/forum/attachment.php?attachmentid=5943&d=1245789282

PROVIDED AND/OR DISCOVERED BY: BlackH
http://milw0rm.com/exploits/9004
http://milw0rm.com/exploits/9005

ORIGINAL ADVISORY: Zen Cart: http://www.zen-cart.com/forum/showthread.php?t=130161






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3625