Litecommerce Installation Script May Let Remote Users Gain Administrative Access
|
|
SecurityTracker Alert ID: 1010778
|
|
SecurityTracker URL: http://securitytracker.com/id?1010778
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 26 2004
|
Impact: Modification of authentication information, User access via network
|
Exploit Included: Yes
|
Version(s): 2.0.0
|
Description: Lostmon reported a vulnerability in Litecommerce. A remote user can invoke the installation script to gain administrative access on some sites.
It is reported that by default, the software leaves the 'install.php' installation file on the server after installation. A remote
user can load the file to change the administrative password. On some systems, this requires authentication but on other systems,
authentication is not required, the report said.
The following demonstration exploit URLs are provided:
http://[target]/install.php
http://[target]/path_to_shop/in
stall.php
The original advisory is available at:
http://lostmon.spymac.net/blog/
|
Impact: A remote user may be able to gain administrative access on the target system.
|
Solution: No solution was available at the time of this entry.
[Editor's note: Removing the 'install.php' script manually after installation may be an effective workaround.]
|
Vendor URL: www.litecommerce.com/products.html (Links to External Site)
|
Cause: Configuration error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: Lostmon <lostmon@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 26 Jul 2004 15:50:05 +0200
From: Lostmon <lostmon@gmail.com>
Subject: Fwd: posible bug in litecommerce shopping cart
|
====================================
bug in Litecomerce shopping cart
Version 2.0.0
vendor http://www.litecommerce.com
original advisore http://lostmon.spymac.net/blog/
====================================
In the latest days it has left a vulnerability in postnuke,
(http://www.securitytracker.com/alerts/2004/Jul/1010755.html)
and watching after google, looking for that vulnerability and i found
possibly with another different.I have paid attention to which if we
followed that bug, we are going
to give to some installed virtual stores with litecommerce
(http://www.litecommerce.com)
in an installation by default, the store leaves to a called file
install.php like in bug mentioned; with which can to try itself to
change password or the user admin of the store
but diferent interfaces found whith diferen parameters and form
oks letīs go :)
http://www.hosts.com/install.php
http://www.host.com/path_to_shop/install.php
atuth code is need but in
some versions the auth code is need for instalation the shop
is the same version of the suit but you now its diferent i dont have
any standar key for test this in my server and/or other servers ,but
some versions of the interface are vulnerable and no need the auth code
thnx to Estrella to be my ligth
thnx to www.ayuda-internet.net for support me
thnx to Rottew & Lutrizia we are the same dream
atentamente
lostmon (lostmon@gmail.com)
--
La curiosidad es lo que hace mover la mente....
--
La curiosidad es lo que hace mover la mente....
|
|
