Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

fix for file disclosure bug in admin


Oleg S.

Recommended Posts

in 'file_manager.php' after the line

 

      case 'download':

 

add the following code:

 

        if (strstr($HTTP_GET_VARS['filename'], '..')) {
         tep_redirect(tep_href_link(FILENAME_FILE_MANAGER));
       }

 

 

osCommerce's File Manager Arbitrary File Disclosure

------------------------------------------------------------------------

 

 

SUMMARY

 

" <http://www.oscommerce.com/> osCommerce is an online shop e-commerce

solution under on going development by the open source community. Its

feature packed out-of-the-box installation allows store owners to setup,

run, and maintain their online stores with minimum effort and with

absolutely no costs or license fees involved". A vulnerability in the

product allows a remote attacker to access files that reside outside the

bound HTML root directory.

 

DETAILS

 

Normally osCommerce will allows you to view only osCommerce's directories,

however, if you type in the following you can view any file on the server

with the web server's permissions:

http://www.vulnerable/oscommerce/file_mana..../../etc/passwd

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...