Bogdan Calin
Valery Marchuk
www.SecurityLab.ru
----- Original Message -----
From: "Bogdan Calin" <bogdan@acunetix.com>
To: <full-disclosure@lists.grok.org.uk>
Cc: <bugtraq@securityfocus.com>
Sent: Monday, January 25, 2010 12:58 PM
Subject: e107 latest download link is backdoored
CubeCart 4 Session Management Bypass
Release Date: 2009/10/29
Author: Bogdan Calin (bogdan [at] acunetix [dot] com)
Severity: Critical
Vendor Status: Vendor has released an updated version
I. Background
From Wikipedia: CubeCart is a free-to-use eCommerce software solution,
2010/1/26 Carsten Eilers <ceilers-lists@gmx.de>:
> Hi,
>
> Bogdan Calin schrieb am Mon, 25 Jan 2010 12:58:50 +0200:
>
>>The latest version of e107, version 0.7.17 contains a PHP backdoor.
>>http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip
>
> The start page of e107.org, <http://e107.org/news.php>,
The security alert can be found at:
http://www.zen-cart.com/forum/showthread.php?t=142784
--
Bogdan Calin - bogdan@acunetix.com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog
Hi,
Bogdan Calin schrieb am Mon, 25 Jan 2010 12:58:50 +0200:
>The latest version of e107, version 0.7.17 contains a PHP backdoor.
>http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip
The start page of e107.org, <http://e107.org/news.php>,
contains suspect, probable malicious JavaScript-Code at the
top, followed by many links in the format
On Mon, Jan 25, 2010 at 2:58 AM, Bogdan Calin <bogdan@acunetix.com> wrote:
> Hi guys,
>
> The latest version of e107, version 0.7.17 contains a PHP backdoor.
> http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip
Looks like the e107 team has removed this file, and reviewing the code
in the cvs repository this code does not appear there.
Best Wishes,
I'm not going to publish the proof of concept Python script.
If you have a valid reason why you would need the proof of concept, you
can contact me at this email address (bogdan [at] acunetix.com).
http://drupal.org/node/384024.
And for Drupal versions 6.x can be found at http://drupal.org/node/383724.
Thanks and have a nice day,
properly perform certificate validation.
No CVE id yet
Bogdan Calin discovered that a remote attacker could cause a denial
of service by uploading a large number of files using multipart/form-data
requests, causing the creation of a large number of temporary files.
To address this issue, the max_file_uploads option introduced in PHP
For now, that link is not safe.
Look at the file date, class2.php has been modified on 2010-01-23, 21:52:26
Grzegorz Stachowiak discovered that PHP did not properly enforce
restrictions in the posix_mkfifo function. An attacker could exploit this
issue to bypass open_basedir restrictions. (CVE-2009-3558)
Bogdan Calin discovered that PHP did not limit the number of temporary
files created when handling multipart/form-data POST requests. A remote
attacker could exploit this flaw and cause the PHP server to consume all
available resources, resulting in a denial of service. (CVE-2009-4017)
ATTENTION: This update changes previous PHP behaviour by limiting the