Hi , today OpenCart .
Just setup Opencart to give it a pen-test and here is initial results.
Oka Bug
OpenCart Disclose the Local Path Of server on many location , Some of them are . .
http://localhost/opencart/upload/catalog/controller/account/address.php
http://localhost/opencart/upload/catalog/controller/account/account.php
http://localhost/opencart/upload/catalog/controller/account/order.php . . .etc
Live Demo
OpenCart Own Domain
http://demo.opencart.com/catalog/controller/account/address.php
http://spotonsolutions.net/catalog/controller/account/address.php
How this issue comes And patching . . . .
When you are including different php file in one file and declaration of some variable / function in first file and using that variable / function in that file you included second.Now if this second file access by anyone directly you will got some error like ...
Variable undeclared..
Class not found blah blah.
Like we have index.php with code
include('1.php');
include('2.php');
Code of 1.php
class a {
public :
$count=0;
}
Code of 2.php
$classs = new a();
Now as you see if you access 2.php directly you will got error
Class a not found.
Because class a is define in 1.php
But if you access index.php
it will work perfect as
their is class a in 1.php and then 2.php is using that class..
So this is how many times LPD occurs.
Patching . . . .
Simplest patching
turn error reporting off .
Or
You can also do .htaccess
Order deny,allow
Deny from all
Or
You can do this
Just declare any variable in index.php or in that file you will going to include 1.php and 2.php
like
if (!defined("direct access")) {
define('
}
and then just add this on top of 1.php and 2.php
defined('
what it does simply main file declare a variable and the included files check if that variable is set or not..As you already set the value in main file it will run perfectly.
But if you direct access those files that are included in main file.then as they check if variable is set or not and in direct accessing the file will not have that variable set so it will go in die showing u access denied.
So this for today..
# Independent Pakistani Security Researcher
Just setup Opencart to give it a pen-test and here is initial results.
Oka Bug
OpenCart Disclose the Local Path Of server on many location , Some of them are . .
http://localhost/opencart/upload/catalog/controller/account/address.php
http://localhost/opencart/upload/catalog/controller/account/account.php
http://localhost/opencart/upload/catalog/controller/account/order.php . . .etc
Live Demo
OpenCart Own Domain
http://demo.opencart.com/catalog/controller/account/address.php
http://spotonsolutions.net/catalog/controller/account/address.php
How this issue comes And patching . . . .
When you are including different php file in one file and declaration of some variable / function in first file and using that variable / function in that file you included second.Now if this second file access by anyone directly you will got some error like ...
Variable undeclared..
Class not found blah blah.
Like we have index.php with code
include('1.php');
include('2.php');
Code of 1.php
class a {
public :
$count=0;
}
Code of 2.php
$classs = new a();
Now as you see if you access 2.php directly you will got error
Class a not found.
Because class a is define in 1.php
But if you access index.php
it will work perfect as
their is class a in 1.php and then 2.php is using that class..
So this is how many times LPD occurs.
Patching . . . .
Simplest patching
turn error reporting off .
Or
You can also do .htaccess
Order deny,allow
Deny from all
Or
You can do this
Just declare any variable in index.php or in that file you will going to include 1.php and 2.php
like
if (!defined("direct access")) {
define('
direct access
', true);}
and then just add this on top of 1.php and 2.php
defined('
direct access
') or die("Access Denied.");what it does simply main file declare a variable and the included files check if that variable is set or not..As you already set the value in main file it will run perfectly.
But if you direct access those files that are included in main file.then as they check if variable is set or not and in direct accessing the file will not have that variable set so it will go in die showing u access denied.
So this for today..
# Independent Pakistani Security Researcher
3 comments:
i have learn many things from your research...
It is very helpful in giving me that information
Password 1 (A2/B1) Ćwiczenia
I am agree with this article meet women for sex
Post a Comment