Monday, September 24, 2012

Vulnerability in Opencart based shopping carts

I found a vulnerability which exposes the sensitive information stored in error log file of opencart web application to public. An unprotected web site will cause the log file to be crawled by legitimate bots and will be indexed in search engine result pages. For example if you want to what are the web sites which uses opencart web application as their main shopping cart application just use the following query in google and search.

PHP Warning:  unlink(system/cache/cache.currency [<a href='function.unlink'>function.unlink</a>]: No such file or directory in public_html/system/library/cache.php

This is common warning message logged by almost all of the opencart web applications in their log file. Along with this log file you can find usernames, directory structures etc which are sensitive. An unprotected system and system/log directory in opencart causes this vulnerability. This can be fixed by performing the following step as mentioned in sitefixit.

Securing The /system/ Folder

Certain files are wide-open by default. If you have installed OpenCart in your root directory, just go to http://www.yourdomain.com/system/logs/error.log and you should be able to download your error log, even if you’re a public user. You should protect these files, so create a .htaccess with the following code:


     <Files *.*>
    Order Deny,Allow
    Deny from all
    </Files> 

Then put that .htaccess file in the following 2 directories:
  1. /system/
  2. /system/logs/

1 comment:

  1. Wow, awesome blog layout! How long have you been blogging for? you made blogging look easy. The overall look of your site is excellent, let alone the content!
    eCommerce platform

    ReplyDelete