what you don't know can hurt you

Interspire Shopping Cart Insecure Permissions

Interspire Shopping Cart Insecure Permissions
Posted Feb 23, 2012
Authored by Jan van Niekerk

Interspire Shopping Cart forces poor permissions on config.php by design and by doing so leaks information like the database login and password to any local user.

tags | exploit, local, php
MD5 | b3bd0bb7f1cad6b42498db7c4b3e5d61

Interspire Shopping Cart Insecure Permissions

Change Mirror Download
Interspire Shopping Cart

config/config.php MUST be httpd-readable (inter-domain read access
permitted, which is a problem on shared hosting)

About product:
What is Interspire Shopping Cart?
Interspire Shopping Cart is the most feature rich, all-in-one shopping
cart software available. It has an enterprise-grade feature set and is
trusted by more than 15,000 businesses in over 65 countries.

This software uses the permissions for config/config.php to determine
the permissions for uploaded product image files.  Since images have
to be readable by the web server user, the config/config.php file must
also be readable by the web server user.  This means that for almost
all shared hosting configurations, config/config.php is insecure -- by
design.  You can set secure permissions on config.php, but this will
invariably cause static images to be unreadable by the web server.
Effectively this means that wherever you find Interspire shopping
cart, you can take over administration as another user on the same

Vendor response:
"I am aware of how hackers can read configuration files if they have
an account on the same server. However, this is an issue for hosting
companies, not for us. We are not mandating anything. It is just a
fact that the large majority of hosting companies do not run suphp."
"It does not look like we are going to agree on this. In my view, this
is entirely a hosting related issue, one that can be "fixed" by
modifying the config/config.php permissions."

Look for /home/*/public_html/config/config.php file, or make a symlink
to it and read it via the web server.  The interesting bits are ...
$GLOBALS['ISC_CFG']["dbServer"] = 'localhost';
       $GLOBALS['ISC_CFG']["dbUser"] = 'somedatabse_user';
       $GLOBALS['ISC_CFG']["dbPass"] = 'somesecret';
       $GLOBALS['ISC_CFG']["dbDatabase"] = 'somedatabase_name';
       $GLOBALS['ISC_CFG']["tablePrefix"] = 'isc_';
       Once you have database access, application authentication data
is in the table isc_users (md5 auth if you want to google it, or you
can set your own password and lock the regular user out).


1. Have a chat with your hosting company and ask them not to let
anyone else on the server you are sharing be hacked.  (Recommended by

2. In lib/init.php, the following HACK tells the software to ignore
the permissions on config/config.php.  After this you can set the
permissions securely without breaking the application:

       //define('ISC_WRITEABLE_FILE_PERM', fileperms(ISC_CONFIG_FILE));
       //define('ISC_WRITEABLE_DIR_PERM', fileperms(dirname(ISC_CONFIG_FILE)));
       define('ISC_WRITEABLE_FILE_PERM', 0644);
       define('ISC_WRITEABLE_DIR_PERM', 0755);

3. Use other software (e.g. oscommerce, ha ha :)

4. Unpredictable DocumentRoot will help. Chroot of other users will
seem to help, provided symbolic links are not permitted.


RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    3 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    11 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2019 Packet Storm. All rights reserved.

Security Services
Hosting By