OS Commerce 2.2r2 - authentication bypass

ID EDB-ID:10096
Type exploitdb
Reporter Stuart Udall
Modified 2009-11-13T00:00:00


OS Commerce 2.2r2 authentication bypass. Webapps exploit for php platform

                                            When this hole was brought to our attention, we were amazed to find that it seems nobody has caught it yet!! There is a page in the admin that can be access without login AND can pass parameters!!


All work! 

We "patched" this hole by adding this line of code: 

if(strstr($_SERVER['REQUEST_URI'], "/admin/mail.php/login.php" ) !== false){
        echo "<h1>NO ACCESS</h1>";

Go fix your carts!!!!