Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Han

看板Bugtraq作者sean.時間12年前 (2013/04/27 12:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串2/2 (看更多)

Is it known if this exploit affects CubeCart versions 3.x and/or 4.x, or just 5.0.[0..6]? Sean Jenkins Sr. System Administrator On 12/28/2012 8:13 AM, YGN Ethical Hacker Group wrote: > 1. OVERVIEW > > CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup > File Handling which leads to the disclosure of the application > configuration file. > > > 2. BACKGROUND > > CubeCart is an "out of the box" ecommerce shopping cart software > solution which has been written to run on servers that have PHP & > MySQL support. With CubeCart you can quickly setup a powerful online > store which can be used to sell digital or tangible products to new > and existing customers all over the world. > > > 3. VULNERABILITY DESCRIPTION > > CubeCart 5.0.7 and lower versions contain a flaw that insecurely backs > up the configuration file, "global.inc.php", upon new installation or > upgrade process. The name of backup configuration file is set to the > year, month, day, hour, minute that the process is performed. The > non-randomized nature of this backup scheme allows an attacker to > retrieve the file through brute-force method. > > > 4. VERSIONS AFFECTED > > 5.0.7 and lower versions > > > 5. Affected Files > > /setup/setup.install.php > /setup/setup.upgrade.php > > ///////////CODE ////////////// > ##Backup existing config file, if it exists > if (file_exists($global_file)) { > rename($global_file, $global_file.'-'.date('Ymdgi')); > } > ///////////////////////// > > e.g. > http://127.0.0.1/cube507/includes/global.inc.php-2012021245719 \ > > > 6. SOLUTION > > Upgrade to the latest CubeCart version - 5.x. > > > 7. VENDOR > > CubeCart Development Team > http://cubecart.com/ > > > 8. CREDIT > > Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. > > > 9. DISCLOSURE TIME-LINE > > 2012-03-24: Vulnerability reported > 2012-12-28: Vulnerability disclosed > > > 10. REFERENCES > > Original Advisory URL: > http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5.0.7%5D_insecure-backup > CubeCart Home Page: http://cubecart.com/ > > #yehg [2012-12-28] > > --------------------------------- > Best regards, > YGN Ethical Hacker Group > Yangon, Myanmar > http://yehg.net > Our Lab | http://yehg.net/lab > Our Directory | http://yehg.net/hwd

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 sean. 的文章

文章代碼(AID): #1HUrJAW6 (Bugtraq)

討論串 (同標題文章)

完整討論串 (本文為第 2 之 2 篇)：

排序：最新先 | 最舊先 | 留言數

Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Han Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Han

sean.

12年前, 04/27

Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Han Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Han

12年前, 04/27

文章代碼(AID): #1HUrJAW6 (Bugtraq)