information security
without panic and in earnest
BugTraq.Ru
Russian BugTraq
freeShop vulnerabilities 31.07.03 22:18
Author: Ilich Status: Unregistered user

===============================================================================
Article about vulnerabilities in the FreeShop scripts.
===============================================================================

The freeShop is the slide for on-line shops and MUST HAVE HIGH SECURITY.
But the free versions of these scripts have some dangerous vulnerabilities
which allow gaining access to and modifying the database of goods, using
XSS, SQL injection and DoS attacks.


First of all, a hacker can get the user name and password for access to the
MySQL database. The configuration file for the connection is located in the
/cfg/connect.inc file. The user name and password are written in this file as
plain text. This file also includes the address of the database server and the
database name.

The next bug is that access to the admin scripts is allowed for all users. The
admin scripts have no authorisation of their own and allow all users to get,
insert, delete and update information in the database. This is the dangerous
vulnerability in this on-line shop. To use this bug you must connect to
/cfg/admin.php

There are SQL injection bugs in all the scripts which use the database and
parameters. The parameters of the scripts are the information which should be
fetched from the database using SQL queries. But all the scripts DON'T CHECK
these parameters and a hacker can add SQL commands to the query.

In the administration scripts which add information to the database, a hacker
can use XSS attacks because the data which is added to the database and the
data which the client gets in his browser isn't checked, that is, the scripts
don't check the data for HTML special chars. A hacker can use redirects,
getting cookie files, making DoS attacks on the client's web browser and others.

The cmpliteorder.php script may be used for sending e-mail to a random e-mail
address. For example, a hacker can make a DoS attack on a mailbox. (He should
use a script because the mail body is too short and for a DoS attack he has to
make many requests to this script.) This DoS attack will act on a random
mailbox and on the address of the sales manager of this shop.

CONCLUSION
----------------------------------------------------------------------------------
If you want to open an on-line shop you shouldn't use these scripts, but if you
haven't other scripts you should use http authorisation for access to the
administration program. If you know php you should rewrite and debug these
scripts because they have some vulnerabilities.
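
The unchecked query parameters and unescaped output described in the post above, shown next to a hardened form. This is an added example, not part of the original post and not freeShop code: the `goods` table, its columns and the function names are hypothetical, and the sample rows and parameter value are constructed.

```php
<?php
// Added example; table, column and function names are hypothetical, not freeShop's.
// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE goods (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$db->exec("INSERT INTO goods (name, price) VALUES ('Widget', 9.5)");
$db->exec("INSERT INTO goods (name, price) VALUES ('<b>Gadget</b>', 20)");

// Pattern the post describes: the request parameter is pasted into the SQL text,
// so anything in it becomes part of the query.
function find_goods_unchecked(PDO $db, string $id): array
{
    return $db->query("SELECT id, name, price FROM goods WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the type, then bind the value as data.
function find_goods_checked(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];                       // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT id, name, price FROM goods WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side: encode HTML special characters when a stored value is written to a page.
function render_row(array $row): string
{
    return sprintf(
        "<tr><td>%d</td><td>%s</td><td>%.2f</td></tr>",
        $row['id'],
        htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $row['price']
    );
}

$param = '1 OR 1=1';                      // constructed parameter value
printf("unchecked: %d row(s)\n", count(find_goods_unchecked($db, $param)));
printf("checked:   %d row(s)\n", count(find_goods_checked($db, $param)));
foreach (find_goods_checked($db, '2') as $row) {
    echo render_row($row), "\n";
}
```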

Copyright © 2001-2025 Dmitry Leonov. Design: Vadim Derkach