Zen Cart extras/curltest.php Information Disclosure

medium Nessus Plugin ID 43098

Synopsis

The remote web server contains a PHP script that can be abused to disclose the contents of local files.

Description

The installed version of Zen Cart includes a test script, 'extras/curltest.php', intended for testing that the curl PHP library is installed and working properly. The script does not restrict access, however, and can be abused to access arbitrary URLs, including local files via the 'file' protocol handler.

An anonymous remote attacker can abuse this issue to view the contents of arbitrary files on the remote host, subject to the privileges under which the web server operates, or to access arbitrary URLs, such as from hosts on an internal network that might otherwise be unavailable to the attacker.

Solution

Remove the 'extras' directory from the affected install.
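
To confirm the fix across a server that hosts several stores, the following added example (not part of the Nessus plugin or of Zen Cart) walks a web root and reports every 'extras' directory that still contains curltest.php. The function names and the web root passed as the first argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for leftover Zen Cart 'extras' directories.
# Function names are hypothetical; the path to scan is supplied by the caller.

# find_zencart_extras ROOT
# Prints, one per line, each directory named 'extras' under ROOT that still
# holds curltest.php. These are the directories the Solution says to remove.
find_zencart_extras() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Match .../extras/curltest.php at any depth, then report its parent.
    find "$root" -type f -path '*/extras/curltest.php' 2>/dev/null |
    while IFS= read -r script; do
        dirname "$script"
    done | sort -u
}

# audit_zencart_extras ROOT
# Exit status: 0 = nothing found, 1 = leftover directory found, 2 = bad ROOT.
audit_zencart_extras() {
    hits=$(find_zencart_extras "$1") || return 2
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/leftover extras directory: /'
        return 1
    fi
    echo "no extras/curltest.php found under $1"
    return 0
}

# Run the audit when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_zencart_extras "$1"
fi
```

The non-zero exit status on a finding lets the check run from cron or a deployment pipeline and fail the job until the directory is removed.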

See Also

https://www.securityfocus.com/archive/1/508340

https://www.zen-cart.com/showthread.php?142784-IMPORTANT-Security-Alert-Remove-extra-folders-from-your-server-after-install

Plugin Details

Severity: Medium

ID: 43098

File Name: zencart_curltest_info_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 12/10/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:zen-cart:zen_cart

Required KB Items: www/zencart

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 11/28/2009

Vulnerability Publication Date: 12/9/2009

Reference Information

CVE: CVE-2009-4321

BID: 37283

CWE: 20