osCommerce and osCMax shopping cart software forums


osCMax Security Update - Arbitrary Upload Exploit

By michael_s at 25 Sep 2008 - 11:17pm

A security hole was found in osCMax 2.0 RC 3.0.1 that allows a remote attacker to upload files to your site via a browser.

This is a high-risk vulnerability, so we have released osCMax 2.0 RC 3.0.2, which is no longer vulnerable to this type of exploit. In addition, the vulnerable files have been removed from the SVN repository for all branches (RC3, RC4).

No new files or code have been added to the package, but several files have been removed. To patch your site manually, delete the following files/folders from your osCMax install:

/catalog/FCKeditor/editor/filemanager/browser/default/connectors/asp/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/aspx/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/cfm/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/perl/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/test.html

Removing the above files/folders closes the security hole.
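
One way to check an install against the list above and apply the manual patch, as an added example that is not part of the original post or the osCMax project. The function names and the audit/remove command words are assumptions, and INSTALL_ROOT is taken to be the directory that contains catalog/.

```shell
#!/bin/sh
# Added example, not osCMax project code. INSTALL_ROOT is assumed to be the
# directory that contains catalog/; function names are illustrative.

CONNECTOR_DIR="catalog/FCKeditor/editor/filemanager/browser/default/connectors"
# Entries named in the advisory, relative to CONNECTOR_DIR.
ADVISORY_ENTRIES="asp aspx cfm perl test.html"

# list_present ROOT: print every advisory path that still exists under ROOT.
list_present() {
    for entry in $ADVISORY_ENTRIES; do
        p="$1/$CONNECTOR_DIR/$entry"
        # -L also catches a dangling symlink left where a listed entry was.
        if [ -e "$p" ] || [ -L "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# count_present ROOT: print how many advisory paths remain (0 = patched).
count_present() {
    n=0
    for entry in $ADVISORY_ENTRIES; do
        p="$1/$CONNECTOR_DIR/$entry"
        if [ -e "$p" ] || [ -L "$p" ]; then n=$((n + 1)); fi
    done
    printf '%s\n' "$n"
}

# remove_listed ROOT: delete only the listed paths; fails if any survive.
remove_listed() {
    root=$1
    if [ ! -d "$root/catalog" ]; then
        echo "error: no catalog/ directory under $root" >&2
        return 2
    fi
    list_present "$root" | while IFS= read -r p; do
        rm -rf -- "$p" && echo "removed: $p"
    done
    [ "$(count_present "$root")" -eq 0 ]
}

# Usage: sh fck-connectors.sh audit|remove INSTALL_ROOT
case "${1:-}" in
    audit)  list_present "$2"; [ "$(count_present "$2")" -eq 0 ] ;;
    remove) remove_listed "$2" ;;
esac
```

The audit mode exits non-zero while any listed path remains, so it can be rerun after an upgrade or restore to confirm the files have not come back.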


by MindTwist on Fri, 09/26/2008 - 2:18am
I received an email with this info 2-3h ago. I guess everyone else on the forum must have received it; I just wanted to say that it is nice to be informed when these kinds of vulnerabilities are found.
Thx!

by ryoyin on Fri, 09/26/2008 - 2:23am
My company's web site has changed a lot of code.
I don't think it is possible to apply the RC3 update.
Which files contain this kind of threat?
Or what can I do to prevent this kind of threat?

Thx for the notification.

by MindTwist on Fri, 09/26/2008 - 3:42am
Follow the link michael_s posted. You only need to delete a few files from your default OSCMAX installation, so it really doesn't matter how much you have modified your store previously.

by trochia on Fri, 09/26/2008 - 3:45am
Update appreciated, but I would just like to double check something please.

Looking at the posted file paths/dirs to be removed, all mine seem to be installed under:

/filermanager/connectors ( this dir also includes /browsers )

Within
Quote:
/FCKeditor/editor/filemanager/browser/default/connectors/*.*
In /browser/default/ (as described in e-mail alert and post), this dir contains (2) dirs of: /images & /js

I am just verifying the posted pathing against what I find/see please?

Thx...Jim

by JohnW on Fri, 09/26/2008 - 8:13am
Hi Mike,

Do you have any additional info that you can share about this exploit? Are there certain files that were being uploaded or changed due to this exploit? My assumption is target files are always credit card related, database, or even email related.

