SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   LiteCommerce Vendors:   Qualiteam Corp.
Litecommerce Installation Script May Let Remote Users Gain Administrative Access
SecurityTracker Alert ID:  1010778
SecurityTracker URL:  http://securitytracker.com/id/1010778
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 26 2004
Impact:   Modification of authentication information, User access via network
Exploit Included:  Yes  
Version(s): 2.0.0
Description:   Lostmon reported a vulnerability in Litecommerce. A remote user can invoke the installation script to gain administrative access on some sites.

It is reported that by default, the software leaves the 'install.php' installation file on the server after installation. A remote user can load the file to change the administrative password. On some systems, this requires authentication but on other systems, authentication is not required, the report said.

The following demonstration exploit URLs are provided:

http://[target]/install.php
http://[target]/path_to_shop/install.php

The original advisory is available at:

http://lostmon.spymac.net/blog/

Impact:   A remote user may be able to gain administrative access on the target system.
Solution:   No solution was available at the time of this entry.

[Editor's note: Removing the 'install.php' script manually after installation may be an effective workaround.]

Vendor URL:  www.litecommerce.com/products.html (Links to External Site)
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Fwd: posible bug in litecommerce shopping cart



====================================
bug in Litecomerce shopping cart
Version 2.0.0
vendor http://www.litecommerce.com
original advisore http://lostmon.spymac.net/blog/
====================================

In the latest days it has left a vulnerability in postnuke,
(http://www.securitytracker.com/alerts/2004/Jul/1010755.html)
and watching after google, looking for that vulnerability and i found
possibly with another different.I have paid attention to which if we
followed that bug, we are going
to give to some installed virtual stores with litecommerce
(http://www.litecommerce.com)
in an installation by default, the store leaves to a called file
install.php like in bug mentioned; with which can to try itself to
change password or the user admin of the store
but diferent interfaces found whith diferen parameters and form
http://www.hosts.com/install.php
http://www.host.com/path_to_shop/install.php

atuth code is need but in
some versions the auth code is need for instalation the shop
is the same version of the suit but you now its diferent i dont have
any standar key for test this in my server and/or other servers ,but
some versions of the interface are vulnerable and no need the auth code

thnx to Estrella to be my ligth
thnx to www.ayuda-internet.net for support me
thnx to Rottew & Lutrizia we are the same dream

atentamente
lostmon (lostmon@gmail.com)


--
La curiosidad es lo que hace mover la mente....



-- 
La curiosidad es lo que hace mover la mente....


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC