I have just become aware of a security problem with OpenCart 1.5.x and all previous versions.
The fix is here:
http://code.google.com/p/opencart/source/detail?r=577
you need to replace your library cache file.
system/library/cache.php
with
So far all it does is overwrite files in your site with blank ones.
I'm going to release a version 1.5.1.2 with the fix included.
sorry about this guys. I'm really kicking myself for not finding this sooner.
Maybe I doesn't understand correctly but is this also needed for the version 1.4.9.x and lower?
Op al uw computervragen een antwoord -- Extigo Computers
http://www.extigo.nl
Using OC 1.4.9.4
ok possible false alarm.
i just checked the code and their is no way this could happen.
it was reported here:
http://vickigroup.wordpress.com/2011/09 ... -versions/
they reported it today.
can anyone else please try to see if they can get this hack to work.
i just checked the code and their is no way this could happen.
it was reported here:
http://vickigroup.wordpress.com/2011/09 ... -versions/
they reported it today.
can anyone else please try to see if they can get this hack to work.
OpenCart®
Project Owner & Developer.
I can see where they are coming from with the unsanitized data, but it shouldn't actually work, and I can't get it to replicate. That said, it is possible for someone to fill your cache folder with loads of useless files. Say for example I put country_id=1.1.1.1.1.1.1.1 That would still make a cache file for country id 1 but the wrong cache name. This should be stemmed to just 1 using (int) like in the query in the localisation/zone model file
regardless I don't think the problem is going to be in the cache file itself, but in other files that call it using unsanitized data.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
I couldn't get it to work either, though I suppose that for this particular file you should sanitize the get by calling it with an int which would kill the attack vector, and then for good measure you could check to make sure data is actually returned before you call the cache set.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
It very much works and allows you to overwrite files and take the site down. I've tested it on on one live web server running a default(ish) install of 1.5.1.1.
-
VIEW ALL EXTENSIONS * EXTENSION SUPPORT * WEBSITE * CUSTOM REQUESTS
can you explain exactly how you managed to make it work, because as reported it very much does not work. If you don't want to post in in the open please PM me.grgr wrote:It very much works and allows you to overwrite files and take the site down. I've tested it on on one live web server running a default(ish) install of 1.5.1.1.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
can u you pm me this hack aswell?grgr wrote:It very much works and allows you to overwrite files and take the site down. I've tested it on on one live web server running a default(ish) install of 1.5.1.1.
OpenCart®
Project Owner & Developer.
I was able to get it to write files with additional testing, but I could not make it overwrite files. On my setup the %00 killed it, but from other claims I'm guessing it works on some configurations.
OpenCart commercial mods and development http://spotonsolutions.net
Layered Navigation
Shipment Tracking
Vehicle Year/Make/Model Filter
JAY6390 wrote:There's no reason you can't update the cache file, but it should be the data input that's sanitized IMO
what exactly do you mean by that ?
thank you
What about 1.4.9.x versions? does this fix apply for that as well?
FlexiHost NZ http://www.flexihost.co.nz
Who is online
Users browsing this forum: No registered users and 38 guests
