[VIM] CS-Cart issue maybe PHPMailer?
Steven M. Christey
coley at linus.mitre.org
Mon Jun 5 23:42:25 EDT 2006

Might not be PHPMailer. Just downloaded phpmailer from that URL and
grepped for classes_dir - no go. So this might be an
interface/integration issue (speaking of which, is anybody else sick of
integration issues yet? I have a feeling it's gonna get worse).

Anyway, since you emailed the PHPMailer people I figured I'd send an
inquiry to the CS-Cart people at http://www.cs-cart.com/contact.php .
Stay tuned.

- Steve

On Mon, 5 Jun 2006, security curmudgeon wrote:
>
> http://milw0rm.com/exploits/1872
>
> The example url:
> /[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]
>
>
> Looking at the PHPMailer package (http://phpmailer.sourceforge.net/), we
> see it has "class.phpmailer.php" in it. It is likely CS-Cart utilizes the
> free PHPMailer package and the vulnerability lies in it. I am contacting
> Brent Matzelle to ask.
>