Quick.Cart *config[db_type]* Local File Inclusion Vulnerabilities

Posted on Tuesday, December 05, 2006 @ 10:48:48 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23168

VERIFY ADVISORY: http://secunia.com/advisories/23168/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

SOFTWARE: Quick.Cart 2.x - http://secunia.com/product/12801/

DESCRIPTION: r0ut3r has reported some vulnerabilities in Quick.Cart, which can be exploited by malicious people to disclose sensitive information. Successful exploitation requires that "register_globals" is enabled and "magic_quotes_gpc" is disabled. The vulnerabilities are reported in version 2.0. Other versions may also be affected. Input passed to the "config[db_type]" parameter in multiple files is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Examples:
http://[host]/actions_admin/categories.php?config[db_type]=[file]
http://[host]/actions_admin/couriers.php?config[db_type]=[file]
http://[host]/actions_admin/orders.php?config[db_type]=[file]
http://[host]/actions_admin/other.php?config[db_type]=[file]
http://[host]/actions_admin/product.php?config[db_type]=[file]
http://[host]/actions_client/gallery.php?config[db_type]=[file]
http://[host]/actions_client/orders.php?config[db_type]=[file]
http://[host]/actions_client/products.php?config[db_type]=[file]

SOLUTION: The vendor recommends to set "register_globals" to "Off".

PROVIDED AND/OR DISCOVERED BY: r0ut3r
 
 
click Related        click Share
 
News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 515,297,333
  • Today: 56,894
Server InfoServer Info
  • May 09, 2025
  • 09:06 am CDT
 
 

Site Navigation