ViArt Shop Enterprise 4.1 Arbitrary Command Execution

26 September 2012 - Source: http://www.mondounix.com
<?php
 
/*
 
ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability
 
 
Vendor: ViArt Software
Product web page: http://www.viart.com
Affected version: 4.1, 4.0.8, 4.0.5
 
Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide
everything you need to run a successful on-line business.
 
Desc: Input passed to the 'DATA' POST parameter in 'sips_response.php'
is not sanitised before being concatenated into a shell command string
that is handed to exec() while processing the payment response. A shell
metacharacter (for example ';' or a backtick) in DATA terminates the
intended command, so an unauthenticated attacker can execute arbitrary
commands with the privileges of the web server via a specially crafted
POST request.
 
Condition: register_globals=On
 
=======================================================================
Vuln:
-----
/payments/sips_response.php:
----------------------------
 
16: if (isset($_POST['DATA'])) {
17:
18:     $params  = " message=" . $_POST['DATA'];
19:     $params .= " pathfile=" .  $payment_params['pathfile'];
20:     exec($payment_params['path_bin_resp'] . $params, $result);
 
-----------------------------------------------------------------------
Fix:
----
/payments/sips_response.php:
----------------------------
 
5: if (!defined("VA_PRODUCT")) {
6:     header...
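The following is an added example, not ViArt's code. It places the
string-concatenation pattern from payments/sips_response.php beside a
hardened equivalent that quotes every argument with escapeshellarg() and
rejects a payload that does not look like a response token. The function
names, the configuration array, the character allowlist and the attacker
payload are constructed for illustration; the exact format of the SIPS
DATA field is an assumption and should be checked against the gateway
documentation before deploying such a filter.

```php
<?php
// Added example, not part of the ViArt code base.
// Contrasts the concatenation pattern from payments/sips_response.php
// with a hardened variant. All names and values below are constructed.

// Vulnerable pattern: the request body is spliced straight into the
// command string passed to exec(). A ';' in DATA ends the intended
// command and whatever follows is executed as a second command.
function build_sips_command_unsafe(array $payment_params, string $data): string
{
    $params  = " message=" . $data;
    $params .= " pathfile=" . $payment_params['pathfile'];
    return $payment_params['path_bin_resp'] . $params;
}

// Hardened pattern: each argument is quoted so the shell sees exactly one
// word per argument, and the payload is validated before it is used.
function build_sips_command_safe(array $payment_params, string $data): string
{
    // Assumption: a genuine response payload is a single token of
    // base64/hex-like characters. Anything else is refused up front.
    if (!preg_match('/\A[A-Za-z0-9+\/=._-]{1,4096}\z/', $data)) {
        throw new InvalidArgumentException('unexpected characters in DATA');
    }
    $bin      = escapeshellarg($payment_params['path_bin_resp']);
    $message  = escapeshellarg('message=' . $data);
    $pathfile = escapeshellarg('pathfile=' . $payment_params['pathfile']);
    return "$bin $message $pathfile";
}

// Constructed server-side configuration and attacker payload.
$payment_params = [
    'path_bin_resp' => '/usr/local/sips/bin/response',
    'pathfile'      => '/usr/local/sips/param/pathfile',
];
$payload = 'abc; id > /tmp/pwned';

// Unsafe: the string becomes
//   /usr/local/sips/bin/response message=abc; id > /tmp/pwned pathfile=...
// and /bin/sh would run `id > /tmp/pwned` as a separate command.
echo "unsafe : ", build_sips_command_unsafe($payment_params, $payload), "\n";

// Safe: the same payload is rejected by the allowlist.
try {
    echo "safe   : ", build_sips_command_safe($payment_params, $payload), "\n";
} catch (InvalidArgumentException $e) {
    echo "safe   : rejected (", $e->getMessage(), ")\n";
}

// Safe: a well-formed payload is accepted and quoted as one argument:
//   '/usr/local/sips/bin/response' 'message=abc123' 'pathfile=/usr/local/sips/param/pathfile'
echo "safe   : ", build_sips_command_safe($payment_params, 'abc123'), "\n";
```

Quoting the arguments addresses the injection through DATA, but it does
not by itself remove the stated precondition: with register_globals=On
the $payment_params array can also be populated from the request, so the
binary path itself is attacker-controlled. The configuration must come
from trusted server-side code, register_globals must be off, and the
script should refuse direct invocation, which is what the vendor's guard
on VA_PRODUCT at the top of the fixed file is there for.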
