CubeCart 5.0.7 and lower versions | Insecure Backup File Handling

2013-01-02T00:00:00
ID SECURITYVULNS:DOC:28884
Type securityvulns
Reporter Securityvulns
Modified 2013-01-02T00:00:00

Description

  1. OVERVIEW

CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file.

  1. BACKGROUND

CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.

  1. VULNERABILITY DESCRIPTION

CubeCart 5.0.7 and lower versions contain a flaw that insecurely backs up the configuration file, "global.inc.php", upon new installation or upgrade process. The name of backup configuration file is set to the year, month, day, hour, minute that the process is performed. The non-randomized nature of this backup scheme allows an attacker to retrieve the file through brute-force method.

  1. VERSIONS AFFECTED

5.0.7 and lower versions

  1. Affected Files

/setup/setup.install.php /setup/setup.upgrade.php

///////////CODE //////////////

Backup existing config file, if it exists

if (file_exists($global_file)) { rename($global_file, $global_file.'-'.date('Ymdgi')); } /////////////////////////

e.g. http://127.0.0.1/cube507/includes/global.inc.php-2012021245719 \

  1. SOLUTION

Upgrade to the latest CubeCart version - 5.x.

  1. VENDOR

CubeCart Development Team http://cubecart.com/

  1. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

  1. DISCLOSURE TIME-LINE

2012-03-24: Vulnerability reported 2012-12-28: Vulnerability disclosed

  1. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5.0.7%5D_insecure-backup CubeCart Home Page: http://cubecart.com/

yehg [2012-12-28]


Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd