Saturday, November 14, 2015

[FD] XCart 5.2.6: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: XCart 5.2.6
Fixed in: 5.2.7
Fixed Version Link: http://ift.tt/1j0phqZ
Vendor Contact: support@x-cart.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 11/04/2015
Release mode: Coordinated release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

When uploading a favicon (http://localhost/anew/xcart/admin.php?target=logo_favicon), there is no check as to what type or extension the file has. This allows an attacker who has gained admin credentials to upload a PHP file and thus gain code execution.

3. Solution

To mitigate this issue, please upgrade at least to version 5.2.7: http://ift.tt/1j0phqZ
Please note that a newer version might already be available.

4. Report Timeline

08/13/2015 Informed vendor about issue
09/03/2015 Vendor requests more time
10/19/2015 Vendor releases fix
11/04/2015 Disclosed to public

Blog Reference: http://ift.tt/1SPwfMB
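The missing control the advisory describes is a server-side check on what the favicon upload actually contains. As an added illustration that is not X-Cart's code, the PHP below shows such a check: extension allow-list, server-side MIME sniffing, magic-byte comparison, and a server-chosen destination name; FAVICON_DIR and the size limit are assumptions.

```php
<?php
// Added example, not X-Cart's code: allow-list validation for a favicon upload.
// Assumptions: $file is one entry of $_FILES; FAVICON_DIR is a hypothetical
// directory that the web server must be configured to never execute scripts from.
const FAVICON_DIR = '/var/www/xcart/images/favicon/'; // hypothetical path

// Per allowed extension: the MIME types libmagic may report, and the magic bytes at offset 0.
const ALLOWED = [
    'ico' => ['mime' => ['image/vnd.microsoft.icon', 'image/x-icon'], 'magic' => "\x00\x00\x01\x00"],
    'png' => ['mime' => ['image/png'],                               'magic' => "\x89PNG\r\n\x1a\n"],
];

/** Returns the accepted extension, or throws. Never trusts the client-supplied name or type. */
function validateFavicon(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }
    if ($file['size'] > 512 * 1024) {
        throw new RuntimeException('favicon too large');
    }
    // 1. Extension allow-list (lower-cased; only the last extension counts).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // 2. Server-side MIME sniffing; $file['type'] is chosen by the client and is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    // 3. Magic bytes must match the claimed format.
    $magic = ALLOWED[$ext]['magic'];
    $head  = file_get_contents($file['tmp_name'], false, null, 0, strlen($magic));
    if (!in_array($mime, ALLOWED[$ext]['mime'], true) || $head !== $magic) {
        throw new RuntimeException("content does not match a .$ext favicon");
    }
    return $ext;
}

/** Stores the validated favicon under a server-chosen name; client input never reaches the path. */
function storeFavicon(array $file): string
{
    $ext  = validateFavicon($file);
    $dest = FAVICON_DIR . 'favicon.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store favicon');
    }
    return $dest;
}
```

Because the stored name is fixed by the server and the content must match the allow-listed format, a file named like a script but carrying a PHP payload is rejected before it reaches the web root.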

Source: Gmail -> IFTTT-> Blogger