BigCommerce - Hosted Ecommerce Software by Interspire

Interspire Forum

#1
07-23-2010, 10:39 PM
websnail
Interspire Customer
Join Date: Jul 2008
Posts: 1,548

Security Exploit: Directory Traversal

The advisory for this problem is provided here:
http://www.security-database.com/det...+100+Alerts%29


...and having looked at the code from this it seems that someone might be able to use this code to work a little hacking magic.

Amazingly it seems the code doesn't limit calls to files within the current template/panel directory so I've written a little code that is really just thrown together but should at least stop any attempts to access anything beyond this folder.

Open: loadpanel.php

Find:
PHP Code:
    if (FrontendAccess()) {
        if (isset($_GET['Panel'])) {
            $panel = htmlspecialchars(str_replace('..', '', $_GET['Panel']), ENT_QUOTES, $GLOBALS['charset']);
After, Add:
PHP Code:
            //MOD Secure against Path Traversal Exploit
            // Canonicalise both the requested panel and the panel directory,
            // then require the panel to sit inside that directory.
            $test_panel = realpath(AKB_PANEL_LOAD_PATH . $panel);
            $test_root  = realpath(AKB_PANEL_LOAD_PATH);
            // realpath() returns false for a missing file, and a bare prefix match
            // would accept a sibling directory whose name starts with the root's,
            // so compare against the root plus a trailing separator.
            if ($test_panel === false || $test_root === false
                || strpos($test_panel, rtrim($test_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) !== 0) {
                if (isset($GLOBALS['debug']) && $GLOBALS['debug'] == true) {
                    echo "Stupid!";
                }
                die();
            }
            //MOD END Secure against Path Traversal Exploit
All this code does is use the realpath() PHP function to translate the $_GET['path'] value to one that should match the path for the template panel directory...

If not, it just dies.
__________________
ShoppingCartCommunity - Community Forum, Mods, Hacks, Add-ons & a growing KB (was InterspireD)
SnailSolutions Mod Shop - for Royal Mail Adv, Max Chars, Currency Converters, etc...
Web Mollusc appreciation fund (Paypal: info [at] websnail.net)
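An added example, not the poster's mod and not Interspire's code, showing the same realpath() containment idea in a stricter form next to the bare prefix comparison, run against a constructed fixture in the system temp directory (all directory and file names are hypothetical). The sibling-directory case, a folder whose name merely starts with the panel directory's name, is the one a bare prefix match lets through.

```php
<?php
// Added example, not the poster's mod: a stricter form of the realpath()
// containment check, with a throwaway fixture so it can be run directly.

// Canonical path of $panel under $baseDir, or null when the request escapes
// the directory or names a file that does not exist.
function confinedPanelPath(string $baseDir, string $panel): ?string
{
    $root   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $panel);
    // realpath() returns false for a missing file; never feed that to strpos().
    if ($root === false || $target === false) {
        return null;
    }
    // Compare against the root plus a separator so a sibling directory such
    // as "panels_backup" cannot match the bare prefix "panels".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// The mod's original comparison, kept for contrast: a bare prefix match.
function barePrefixCheck(string $baseDir, string $panel): bool
{
    $target = realpath($baseDir . $panel);
    return strpos((string) $target, (string) realpath($baseDir)) === 0;
}

// Constructed fixture (hypothetical names): the panel directory, a sibling
// whose name starts with the same prefix, and a file above both. The files
// are left in the temp directory when the script ends.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'akb_' . uniqid();
mkdir("$tmp/panels", 0700, true);
mkdir("$tmp/panels_backup", 0700, true);
file_put_contents("$tmp/panels/Faq.php", '');
file_put_contents("$tmp/panels_backup/Old.php", '');
file_put_contents("$tmp/secret.txt", '');

$base = "$tmp/panels/";   // like AKB_PANEL_LOAD_PATH, ending in a separator
foreach (['Faq.php', '../secret.txt', '../panels_backup/Old.php', 'Nope.php'] as $p) {
    printf("%-26s strict=%-5s bare=%s\n", $p,
        confinedPanelPath($base, $p) === null ? 'deny' : 'allow',
        barePrefixCheck($base, $p) ? 'allow' : 'deny');
}
```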
#2
08-20-2010, 06:52 PM
Joshua Walcher
Josh W (Interspire Staff)
Join Date: Aug 2008
Posts: 594

Sent over to the development team for their review and fix.
#3
08-20-2010, 10:10 PM
websnail
Interspire Customer
Join Date: Jul 2008
Posts: 1,548

Quote:
Originally Posted by Joshua Walcher (Interspire Staff)
Sent over to the development team for their review and fix.
If this is the first it's been noted that's a bit worrying... I would have hoped Interspire would be actively watching for any advisory regarding their products.

A proper fix would be welcome though as my code above was a hatchet job for speed.
#4
08-23-2010, 09:13 PM
estelle
Interspire Customer
Join Date: Aug 2010
Posts: 2

Wow, that's not good