Oleg S. Posted May 19, 2004 Posted May 19, 2004 in 'file_manager.php' after the line case 'download': add the following code: if (strstr($HTTP_GET_VARS['filename'], '..')) { tep_redirect(tep_href_link(FILENAME_FILE_MANAGER)); } osCommerce's File Manager Arbitrary File Disclosure------------------------------------------------------------------------ SUMMARY " <http://www.oscommerce.com/> osCommerce is an online shop e-commerce solution under on going development by the open source community. Its feature packed out-of-the-box installation allows store owners to setup, run, and maintain their online stores with minimum effort and with absolutely no costs or license fees involved". A vulnerability in the product allows a remote attacker to access files that reside outside the bound HTML root directory. DETAILS Normally osCommerce will allows you to view only osCommerce's directories, however, if you type in the following you can view any file on the server with the web server's permissions: http://www.vulnerable/oscommerce/file_mana..../../etc/passwd
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.