CIA Security Research, Security Alerts, Security Tools for Application Security

- Top Vulnerabilities

- Resources

- Alerts

- Disclosure Guidelines

- Library Updates

- Cenzic Newsletter

- White Paper Download

CIA RESEARCH

Alerts

[CIA-1047-Alert] osCommerce Extras Directory Traversal Vulnerability

Summary:

A vulnerability in osCommerce versions 2.2 allows a remote attacker to read files off of the servers local drive via Directory Traversal.

Technical Details:

osCommerce is a popular e-Commerce framework written in PHP. OsCommerce version 2.2, and possibly earlier versions, has a directory traversal vulnerability that allows an attacker to view files outside of the web server root directory using a "../" characters. The attack allows arbitrary files to be viewed with the associated permissions of of the web server process. The example URL below shows one example of the attack against a Microsoft Windows platform.

targetserver/extras/update.php?read_me=0&readme_file=../../../../../../../../../boot.ini

Although the attack requires the "extras" directory to be installed, sites running affected versions should upgrade to a fixed version even if the "extras" package is not being used. For details on the upgrade refer to the "Solutions" section. If a fixed version is not yet available, sites running osCommerce should remove the /extras directory until a solution is available.

Solution:

Contact the vendor to determine if a fixed version is available.

CVE Reference:

CVE-2005-2330

SecurityTracker Number(s):

1015944

Vendor URL:

http://www.oscommerce.com

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic's research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing - that's what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm® the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC


>	Datasheet: Hailstorm Enterprise ARC
>	Datasheet: Hailstorm Pro
>	Datasheet: Hailstorm Starter
>	Datasheet: Hailstorm Core
>	White Paper: Beyond Simple Vulnerabilities Scanning
>	White Paper: Cross Frame Scripting
>	White Paper: Cenzic Imperative Assessment Plan
>	White Paper: Enabling Security in the Software Development Lifecycle (PDF)