Hi,
Just wanted to say thanks to James and Gulftech for the manner in which
they worked with the Zen Cart developers in identifying and fixing this
exploit.
Ian C Wilson
Zen Cart Development Team
##########################################################
# GulfTech Security Research September 04, 2008
##########################################################
# Vendor : Zen Ventures, LLC
# URL : http://www.zen-cart.com
# Version : Zen Cart <= 1.3.8a
# Risk : SQL Injection
##########################################################
the user can control the URL passed to curl_exec, in some cases (if the
content is echoed back) he can read local files.
While testing our AcuSensor technology on different applications, I’ve
found a real-life example of a vulnerable application. I’m talking
about Zen Cart.
Zen Cart is an open source online store management system. It is
PHP-based, using a MySQL database and HTML components. Support is
provided for several languages and currencies, and it is freely
available under the GNU General Public License.
Zen Cart 1.3.9h Local File Inclusion Vulnerability
Name: Zen Cart
Vendor: http://www.zen-cart.com
Versions Affected: 1.3.9h
Author: Salvatore Fresta aka Drosophila
Website: http://www.salvatorefresta.net
Contact: salvatorefresta [at] gmail [dot] com
Date: 2010-11-03