[VIM] FALSE -> PHP Point of Sale (osCommerce) LFI

Heinbockel, Bill heinbockel at mitre.org
Fri Apr 27 14:00:42 UTC 2007


From a BUGTRAQ posting last month,
  PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln
  http://marc.info/?l=bugtraq&m=117399405001938&w=2


In index.php:
> <?php
>  session_start();
>  include ("settings.php");
>  include ("language/$cfg_language");

From the download, settings.php exists, but is empty.
According to the readme.txt file, the user is supposed to install
the application via install/index.php. Here, the user is prompted
to select their language, which is passed to install/installer.php.

In installer.php:
> <?php
> $language=$_POST['language'];
>
> $info="
> <?php
>    \$cfg_language=\"$language\";
>
> ?>";
>        $open = fopen( "../settings.php", "w+" ) or die ( "Operation Failed!" );
>        fputs( $open, "$info" );
>        fclose( $open );
>
>
> include("../settings.php");
> include("../language/$cfg_language");


So, this is no issue if the user follows the installation instructions.


William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
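
The conclusion above depends on settings.php having been written by the installer before index.php is used. One way index.php could enforce that precondition itself, as an added example that is not part of the original message and not PHP Point of Sale code; the function name resolve_language_file and the 503 response are assumptions made for illustration:

```php
<?php
// Added example (not PHP Point of Sale code): a guarded replacement for the
// session_start()/include lines quoted from index.php in the message.

/**
 * Resolve the configured language file name to a path inside $languageDir.
 * Returns null if the name is missing or is not one of the files shipped there.
 * (Hypothetical helper, introduced for this example.)
 */
function resolve_language_file($configured, string $languageDir): ?string
{
    if (!is_string($configured) || $configured === '') {
        return null; // settings.php did not define it: installer was not run
    }
    // Allowlist: only regular files that actually exist in language/.
    $allowed = [];
    foreach (scandir($languageDir) ?: [] as $entry) {
        if (is_file($languageDir . '/' . $entry)) {
            $allowed[$entry] = true;
        }
    }
    // Exact match on the file name, so path separators, "..", and URLs never match.
    return isset($allowed[$configured]) ? $languageDir . '/' . $configured : null;
}

session_start();

// Start from a known state so the value can only come from settings.php.
$cfg_language = null;
include __DIR__ . '/settings.php';

$languageFile = resolve_language_file($cfg_language, __DIR__ . '/language');
if ($languageFile === null) {
    // An empty settings.php (the state shipped in the download) ends up here.
    http_response_code(503);
    exit('Application is not installed. Run install/index.php first.');
}
include $languageFile;
```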

