osCommerce extras/update.php Information Disclosure Vulnerability

Vulnerability ID: 1108937
Vulnerability type: Path traversal
Published: 2005-07-18
Updated: 2006-06-14
CVE ID: CVE-2005-2330
CNNVD-ID: CNNVD-200507-244
Platform: PHP
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/25994
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-244
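|Vulnerability Details
osCommerce is a software package for e-commerce and online store management. It is based on PHP and MySQL and can be used on any web server. It is free software licensed under the GNU General Public License. extras/update.php in osCommerce 2.2 contains a directory traversal vulnerability. A remote attacker can read arbitrary files, resulting in information disclosure, by supplying in the readme_file parameter either (1) a ".." sequence (a parameter value containing '..') or (2) a full pathname.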
|Exploit
source: http://www.securityfocus.com/bid/14294/info

osCommerce is prone to an information-disclosure vulnerability. An attacker could exploit this vulnerability to display the contents of any file normally readable by the webserver process.

Successful exploitation would result in information disclosure. Information obtained could aid the attacker in further attacks against the underlying system; other attacks are also possible.

This issue reportedly affects osCommerce version 2.2 milestone 2; other versions may also be vulnerable. 

http://www.example.com/catalog/extras/update.php?readme_file=/etc/passwd
http://www.example.com/catalog/extras/update.php?readme_file=../admin/.htaccess
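
An added detection example (not part of the original advisory or of osCommerce): it scans web access logs for requests to extras/update.php whose readme_file value contains a ".." path segment or an absolute path, the two vectors described above. The combined-log request format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_SUFFIX = "/extras/update.php"


def classify_readme_file(value):
    """Return 'traversal', 'absolute-path', or None for a readme_file value."""
    for _ in range(3):  # bounded repeat so %252e%252e normalises to ".."
        value = unquote(value)
    value = value.replace("\\", "/")
    if ".." in value.split("/"):
        return "traversal"
    if value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        return "absolute-path"
    return None


def scan(lines):
    """Yield (line_number, reason, value) for suspicious update.php requests."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(SCRIPT_SUFFIX):
            continue
        # parse_qs already percent-decodes each value once.
        for value in parse_qs(target.query).get("readme_file", []):
            reason = classify_readme_file(value)
            if reason:
                yield number, reason, value


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2005:10:00:01 +0000] "GET /catalog/extras/update.php?readme_file=/etc/passwd HTTP/1.1" 200 1203',
    '192.0.2.10 - - [18/Jul/2005:10:00:05 +0000] "GET /catalog/extras/update.php?readme_file=..%2Fadmin%2F.htaccess HTTP/1.1" 200 310',
    '192.0.2.11 - - [18/Jul/2005:10:01:00 +0000] "GET /catalog/extras/update.php?readme_file=%252e%252e%252fadmin%252f.htaccess HTTP/1.1" 200 310',
    '192.0.2.12 - - [18/Jul/2005:10:02:00 +0000] "GET /catalog/extras/update.php?readme_file=README HTTP/1.1" 200 512',
    '192.0.2.13 - - [18/Jul/2005:10:03:00 +0000] "GET /catalog/index.php?readme_file=../x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

Any request to extras/update.php on a production store is worth reviewing, since the extras/ directory is not needed to serve the catalog.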
|References

Source: XF
Name: oscommerce-extrasupdate-info-disclosure(25861)
Link: http://xforce.iss.net/xforce/xfdb/25861
Source: BID
Name: 14294
Link: http://www.securityfocus.com/bid/14294
Source: BUGTRAQ
Name: 20060414 RE: osCommerce "extras/" information/source code disclosure
Link: http://www.securityfocus.com/archive/1/431068
Source: BUGTRAQ
Name: 20060414 osCommerce "extras/" information/source code disclosure
Link: http://www.securityfocus.com/archive/1/431012
Source: OSVDB
Name: 18249
Link: http://www.osvdb.org/18249
Source: MISC
Link: http://www.oscommerce.com/community/bugs,2835
Source: MISC
Link: http://sourceforge.net/mailarchive/message.php?msg_id=12318248
Source: SECTRACK
Name: 1015944
Link: http://securitytracker.com/id?1015944
Source: MISC
Link: http://retrogod.altervista.org/oscommerce_22_adv.html