[VIM] Zen Cart 1.3.8 Multiple Local File Inclusion Vulnerabilities
str0ke
str0ke at milw0rm.com
Fri Jul 11 14:05:40 UTC 2008
Removing from the front end.
Thanks George,
/str0ke
George A. Theall wrote:
> FWIW, Zen Cart includes a .htaccess file in 'admin/includes' that
> prevents remote access to any PHP files in that directory:
>
> theall at lab:/var/www/localhost/htdocs/zencart>cat admin/includes/.htaccess
> # $Id: .htaccess 2996 2006-02-09 00:42:17Z drbyte $
> #
> # This is used with Apache WebServers
> # The following blocks direct HTTP requests in this directory recursively
> #
> # This does not affect PHP include/require functions
> #
> # Example: direct access to http://server/admin/includes/application_top.php will not work with the following installed
>
> <Files *.php>
> Order Deny,Allow
> Deny from all
> Allow from localhost
> </Files>
>
> This file is included in 1.3.8, which CraCkEr reports as affected as
> well as 1.3.7 and 1.3.8a, which is current.
>
> As a result, the local file include issues by milw0rm 6038 / BID 30179
> aren't likely to be exploitable in practice -- not only would you need
> to have register_globals enabled as the advisory notes, but the target
> would need to be running a web server that doesn't grok .htaccess
> files or ignores them.
>
> George
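To make the point concrete, here is a small model of the access rule George quotes: it parses the `<Files *.php>` block and applies the legacy Apache `Order Deny,Allow` semantics (Deny evaluated first, an Allow match overrides, default allow) to decide whether a direct HTTP request for a PHP file would be served. This is an added example, not Zen Cart's or Apache's code; it assumes `localhost` matches the loopback addresses (real Apache resolves it via hostname lookups), and the `htaccess_honored` flag models the second condition in the thread, a server that ignores `.htaccess` (`AllowOverride None` or a non-Apache server). The `register_globals` prerequisite is independent of this gate and is not modelled.

```python
"""Model of an Apache <Files> host-access block, as used in Zen Cart's
admin/includes/.htaccess. Added example; not Zen Cart's or Apache's code."""
import fnmatch
import re

# Sample .htaccess, constructed from the block quoted in the thread
# (comments trimmed). It is the input for the model below.
ZENCART_HTACCESS = """\
# This does not affect PHP include/require functions
<Files *.php>
Order Deny,Allow
Deny from all
Allow from localhost
</Files>
"""

_FILES_BLOCK = re.compile(
    r"<Files\s+(?P<pattern>[^>\s]+)\s*>(?P<body>.*?)</Files>", re.S | re.I
)

# Assumption: "localhost" in Allow/Deny matches the loopback addresses.
_LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_htaccess(text):
    """Parse <Files> blocks into (pattern, order, deny_hosts, allow_hosts)."""
    rules = []
    for block in _FILES_BLOCK.finditer(text):
        order, deny, allow = "deny,allow", set(), set()
        for raw in block.group("body").splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            directive = parts[0].lower()
            if directive == "order" and len(parts) > 1:
                order = parts[1].lower()
            elif (directive in ("deny", "allow") and len(parts) > 2
                  and parts[1].lower() == "from"):
                target = deny if directive == "deny" else allow
                target.update(h.lower() for h in parts[2:])
        rules.append((block.group("pattern").strip('"'), order, deny, allow))
    return rules


def _host_matches(hosts, client):
    client = client.lower()
    if "all" in hosts or client in hosts:
        return True
    return client in _LOOPBACK and "localhost" in hosts


def direct_request_allowed(filename, client, rules, htaccess_honored=True):
    """Would Apache serve a direct HTTP request for `filename` from `client`?

    htaccess_honored=False models a server that ignores .htaccess, the case
    the thread identifies as necessary for the include bugs to be reachable.
    """
    if not htaccess_honored:
        return True
    for pattern, order, deny, allow in rules:
        if not fnmatch.fnmatchcase(filename, pattern):
            continue
        denied = _host_matches(deny, client)
        allowed = _host_matches(allow, client)
        if order == "deny,allow":
            # Deny first; a matching Allow overrides it; unmatched -> allowed.
            if denied and not allowed:
                return False
        else:
            # "allow,deny" / "mutual-failure": an Allow must match and no
            # Deny may match; unmatched -> denied.
            if not allowed or denied:
                return False
    return True


def check_zencart(client, htaccess_honored=True):
    """Is admin/includes/application_top.php directly reachable for `client`?"""
    rules = parse_htaccess(ZENCART_HTACCESS)
    return direct_request_allowed("application_top.php", client, rules,
                                  htaccess_honored)


if __name__ == "__main__":
    for client in ("203.0.113.7", "127.0.0.1"):
        print(client, "->", "served" if check_zencart(client) else "403 Forbidden")
    print("server ignoring .htaccess ->",
          check_zencart("203.0.113.7", htaccess_honored=False))
```

Running it shows the remote client (a constructed documentation address) getting 403 while loopback is served, and that flipping `htaccess_honored` to False is what re-exposes the file; a useful deployment check is therefore whether the directory's `AllowOverride` setting actually lets the `.htaccess` take effect.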