BugTraq
CubeCart 5.0.7 and lower versions | Insecure Backup File Handling Dec 28 2012 03:13PM
YGN Ethical Hacker Group (lists yehg net) (1 replies)
Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling Dec 29 2012 03:02AM
Sean Jenkins (sean bluehost com) (1 replies)
Is it known if this exploit affects CubeCart versions 3.x and/or 4.x, or
just 5.0.[0..6]?

Sean Jenkins
Sr. System Administrator

On 12/28/2012 8:13 AM, YGN Ethical Hacker Group wrote:
> 1. OVERVIEW
>
> CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup
> File Handling which leads to the disclosure of the application
> configuration file.
>
>
> 2. BACKGROUND
>
> CubeCart is an "out of the box" ecommerce shopping cart software
> solution which has been written to run on servers that have PHP &
> MySQL support. With CubeCart you can quickly setup a powerful online
> store which can be used to sell digital or tangible products to new
> and existing customers all over the world.
>
>
> 3. VULNERABILITY DESCRIPTION
>
> CubeCart 5.0.7 and lower versions contain a flaw that insecurely backs
> up the configuration file, "global.inc.php", upon new installation or
> upgrade process. The name of backup configuration file is set to the
> year, month, day, hour, minute that the process is performed. The
> non-randomized nature of this backup scheme allows an attacker to
> retrieve the file through brute-force method.
>
>
> 4. VERSIONS AFFECTED
>
> 5.0.7 and lower versions
>
>
> 5. Affected Files
>
> /setup/setup.install.php
> /setup/setup.upgrade.php
>
> ///////////CODE //////////////
> ##Backup existing config file, if it exists
> if (file_exists($global_file)) {
> rename($global_file, $global_file.'-'.date('Ymdgi'));
> }
> /////////////////////////
>
> e.g.
> http://127.0.0.1/cube507/includes/global.inc.php-2012021245719 >
>
> 6. SOLUTION
>
> Upgrade to the latest CubeCart version - 5.x.
>
>
> 7. VENDOR
>
> CubeCart Development Team
> http://cubecart.com/
>
>
> 8. CREDIT
>
> Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
>
>
> 9. DISCLOSURE TIME-LINE
>
> 2012-03-24: Vulnerability reported
> 2012-12-28: Vulnerability disclosed
>
>
> 10. REFERENCES
>
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/%5Bcubecart_5.0.7%5D_insecure-backu
p
> CubeCart Home Page: http://cubecart.com/
>
> #yehg [2012-12-28]
>
> ---------------------------------
> Best regards,
> YGN Ethical Hacker Group
> Yangon, Myanmar
> http://yehg.net
> Our Lab | http://yehg.net/lab
> Our Directory | http://yehg.net/hwd

[ reply ]
Re: CubeCart 5.0.7 and lower versions | Insecure Backup File Handling Jan 01 2013 03:24AM
YGN Ethical Hacker Group (lists yehg net)


 

Privacy Statement
Copyright 2010, SecurityFocus