Secunia Security Advisory - Cassiopeia has reported a security issue in RediCart and S-Mart Shopping Cart Script, allowing malicious people to view the configuration file.
b5a5bca50aba1f64eba5c97e91f0951d57a2a93056e21c63c123f76c73432c69
TITLE:
RediCart Exposure of Configuration File
SECUNIA ADVISORY ID:
SA13301
VERIFY ADVISORY:
http://secunia.com/advisories/13301/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
S-Mart Shopping Cart Script 1.x
http://secunia.com/product/4320/
RediCart 3.x
http://secunia.com/product/4319/
DESCRIPTION:
Cassiopeia has reported a security issue in RediCart and S-Mart
Shopping Cart Script, allowing malicious people to view the
configuration file.
The problem is that the configuration file "smart.cfg" by default is
located in the same directory as the CGI scripts. This can be
exploited to view the configuration.
This has been confirmed in RediCart v3.9.5b, which is based on S-Mart
Shopping Cart Script v1.9.
SOLUTION:
Edit the source code and place the configuration file in a non-public
folder.
PROVIDED AND/OR DISCOVERED BY:
Cassiopeia
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------