hozarares
Posted December 10, 2009 (edited)

Usually, curl is used to connect and retrieve data from a remote URL using the http protocol. However, curl supports a bunch of protocols. One of these protocols is the file protocol. Using this protocol you can read local files by using a URL like file:///etc/passwd. Therefore, if the user can control the URL passed to curl_exec, in some cases (if the content is echoed back) he can read local files.

The vulnerability affects "/zen-cart/extras/curltest.php"

Example:

http://site/zen-cart/extras/curltest.php?url=http://192.168.0.1 or
http://site/zen-cart/extras/curltest.php?url=http://192.168.1.1.
http://site/zen-cart/extras/curltest.php?url=file:///etc/passwd

Vulnerability discovered by Bogdan Calin (Acunetix)

Edited December 10, 2009 by hozarares
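
A defensive counterpart to the issue described in the post above, as an added example that is not part of the original post and not Zen Cart code: a PHP wrapper that rejects non-HTTP schemes such as file:// and private or reserved addresses before curl_exec is called. The function names validate_fetch_url and fetch_checked are hypothetical.

```php
<?php
// Added example; validate_fetch_url() and fetch_checked() are hypothetical names.

function validate_fetch_url(string $url): array
{
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("scheme not allowed: '$scheme'");
    }
    if (empty($parts['host'])) {
        throw new InvalidArgumentException('URL has no host');
    }
    $host = $parts['host'];
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Resolve once (IPv4 only) so the address checked is the one curl connects to.
    $ip = filter_var($host, FILTER_VALIDATE_IP) ? $host : gethostbyname($host);
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        throw new InvalidArgumentException("address not allowed: $ip");
    }
    return [$host, $port, $ip];
}

function fetch_checked(string $url): string
{
    [$host, $port, $ip] = validate_fetch_url($url);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        // Second layer: libcurl itself refuses file://, ftp://, gopher:// and the rest.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,   // a redirect target would skip the address check
        CURLOPT_RESOLVE         => ["$host:$port:$ip"], // pin the validated address
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// URL forms taken from the post; validation only, nothing is fetched.
foreach (['file:///etc/passwd', 'http://192.168.0.1'] as $url) {
    try {
        validate_fetch_url($url);
        echo "accepted: $url\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $url (", $e->getMessage(), ")\n";
    }
}
```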

hozarares (Author)
Posted December 10, 2009

It is the best....vulnerabilities in Zen Cart appear most rarely.

kiddo
Posted December 29, 2009

super cool, keep on it!