08-18-2006, 12:25 AM
Zen Cart released a security patch for version 1.30x today to fix vulnerabilies in 4 files.
The instructions for applying the fixes are here:
http://www.zen-cart.com/forum/showthread.php?t=43579
The Secunia advisory issued 8/16:
full advisory: http://secunia.com/advisories/21484/
the original GulfTech report: http://www.gulftech.org/?node=research&article_id=00109-08152006
The instructions for applying the fixes are here:
http://www.zen-cart.com/forum/showthread.php?t=43579
The Secunia advisory issued 8/16:
Quote:Description:
James Bercegay has reported some vulnerabilities in Zen Cart, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
1) Input passed to the "ipn_get_stored_session", "whos_online_session_recreate", and the "add_cart" functions is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Certain input is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Examples:
http://[host]/index.php?autoLoadConfig[999][0][autoType]=include&autoLoadConfig[999][0][loadFile]=[remote file]
* The "typefilter" parameter (only local resources)
The vulnerabilities have been reported in version 1.3.0.2. Other versions may also be affected.
Solution:
Apply code changes as instructed by the vendor.
http://www.zen-cart.com/forum/showthread.php?t=43579
full advisory: http://secunia.com/advisories/21484/
the original GulfTech report: http://www.gulftech.org/?node=research&article_id=00109-08152006