OS Commerce 2.2r2 authentication bypass

ID 1337DAY-ID-9982
Type zdt
Reporter Stuart Udall
Modified 2009-11-13T00:00:00


Exploit for unknown platform in category web applications

OS Commerce 2.2r2 authentication bypass

When this hole was brought to our attention, we were amazed to find that it seems nobody has caught it yet! There is a page in the admin that can be accessed without logging in AND that accepts parameters. All of them work.

The request that reaches it has the form /admin/mail.php/login.php: the web server executes mail.php and hands the trailing "/login.php" to the script as PATH_INFO, so the request is served by mail.php while the last path component reads "login.php".

We "patched" this hole by adding this code:

if (strstr($_SERVER['REQUEST_URI'], "/admin/mail.php/login.php") !== false) {
        echo "<h1>NO ACCESS</h1>";
        exit;
}

This is a stop-gap, not a fix: it matches one literal substring of the raw request URI, so a differently spelled request (URL-encoded characters, a doubled slash) or the same trick aimed at another admin script is not caught, and without the exit the rest of the page would still be served after the "NO ACCESS" heading.
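As an added example (not osCommerce's code and not the author's patch), the following PHP models why a URI of the form /admin/mail.php/login.php slips past a login check that decides "is this the login page?" from the last path component of PHP_SELF, and shows a hardened check that decides from SCRIPT_NAME and rejects any PATH_INFO on admin scripts. The function names, the list of login-exempt pages and the exact shape of the original check are assumptions; the request arrays are constructed to match how PHP populates $_SERVER for such URIs under Apache.

```php
<?php
// Added example, not osCommerce's own code. The exempt-page list and the
// function names are assumed; only the $_SERVER semantics are real:
// for /admin/mail.php/login.php Apache runs mail.php and PHP reports
//   PHP_SELF    = "/admin/mail.php/login.php"
//   SCRIPT_NAME = "/admin/mail.php"
//   PATH_INFO   = "/login.php"

// Pages an anonymous visitor may reach (assumed list).
function login_exempt_pages() {
    return array('login.php', 'password_forgotten.php');
}

// Vulnerable shape: keys the decision on basename(PHP_SELF). PHP_SELF
// includes PATH_INFO, so "/admin/mail.php/login.php" looks like login.php.
function page_exempt_vulnerable($php_self) {
    return in_array(basename($php_self), login_exempt_pages(), true);
}

// Hardened shape: key the decision on SCRIPT_NAME, the script actually
// executed, and refuse any PATH_INFO at all, since admin scripts take none.
function page_exempt_hardened($script_name, $path_info) {
    if ($path_info !== '' && $path_info !== null) {
        return false;
    }
    return in_array(basename($script_name), login_exempt_pages(), true);
}

// Guard for the top of an admin request. Returns true when the request may
// proceed; the caller is expected to echo a refusal and exit() on false.
function admin_request_allowed(array $server, $logged_in) {
    if ($logged_in) {
        return true;
    }
    $script = isset($server['SCRIPT_NAME']) ? $server['SCRIPT_NAME'] : '';
    $info   = isset($server['PATH_INFO'])   ? $server['PATH_INFO']   : '';
    return page_exempt_hardened($script, $info);
}

// Constructed requests, populated the way PHP would for each URI.
$requests = array(
    'GET /admin/login.php' => array(
        'PHP_SELF' => '/admin/login.php',
        'SCRIPT_NAME' => '/admin/login.php',
        'PATH_INFO' => ''),
    'GET /admin/mail.php/login.php' => array(
        'PHP_SELF' => '/admin/mail.php/login.php',
        'SCRIPT_NAME' => '/admin/mail.php',
        'PATH_INFO' => '/login.php'),
    'GET /admin/mail.php' => array(
        'PHP_SELF' => '/admin/mail.php',
        'SCRIPT_NAME' => '/admin/mail.php',
        'PATH_INFO' => ''),
);

foreach ($requests as $label => $srv) {
    $vuln = page_exempt_vulnerable($srv['PHP_SELF']) ? 'allowed' : 'denied';
    $hard = admin_request_allowed($srv, false) ? 'allowed' : 'denied';
    printf("%-32s basename check: %-7s  hardened check: %s\n", $label, $vuln, $hard);
}
```

Run from the command line, the second request is the telling one: the basename check lets the anonymous request into mail.php, the hardened check refuses it, and both still admit the real login page. Checking SCRIPT_NAME (or SCRIPT_FILENAME) rather than PHP_SELF or REQUEST_URI is what closes the whole class, not just the one path the stop-gap above matches.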

#  0day.today [2017-12-31]  #