pedala1 Posted December 25, 2012 Report Share Posted December 25, 2012 1. OVERVIEWCubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion.2. BACKGROUNDCubeCart is an "out of the box" ecommerce shopping cart softwaresolution which has been written to run on servers that have PHP &MySQL support. With CubeCart you can quickly setup a powerful onlinestore which can be used to sell digital or tangible products to newand existing customers all over the world.3. VULNERABILITY DESCRIPTIONCubeCart 4.4.6 and lower versions contain a flaw that may allow aremote attacker to execute arbitrary commands or code. The issue isdue to the '/admin.php' script not properly sanitizing user input,specifically directory traversal style attacks (e.g., ../../) suppliedto the 'loc' parameter. This may allow an attacker to include a filefrom the targeted host that contains arbitrary commands or code thatwill be executed by the vulnerable script. Such attacks are limiteddue to the script only calling files already on the target host. Inaddition, this flaw can potentially be used to disclose the contentsof any file on the system accessible by the web server.4. VERSIONS AFFECTED4.4.6 and lower5. Affected URL and Parameter/admin.php (loc parameter)/admin.php?_g=filemanager/language&loc=/../../../public_ftp/uploads/hack.inc.php6. SOLUTIONThe CubeCart 4.x version family is no longer maintained by the vendor.Upgrade to the currently supported latest CubeCart version - 5.x.7. VENDORCubeCart Development TeameCommerce Software | CubeCart8. CREDITAung Khant, YGN Ethical Hacker Group :: Security Research, YGN Ethical Hacker Group, Myanmar.9. DISCLOSURE TIME-LINE2012-12-22: CubeCart 4.x in End-of-Support/Maintenance circle2012-12-24: Vulnerability disclosedSursa: CubeCart 4.4.6 Local File Inclusion ? Packet Storm Quote Link to comment Share on other sites More sharing options...
