TITLE:
RediCart Exposure of Configuration File

SECUNIA ADVISORY ID:
SA13301

VERIFY ADVISORY:
http://secunia.com/advisories/13301/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
From remote

SOFTWARE:
S-Mart Shopping Cart Script 1.x
http://secunia.com/product/4320/
RediCart 3.x
http://secunia.com/product/4319/

DESCRIPTION:
Cassiopeia has reported a security issue in RediCart and S-Mart Shopping Cart Script, allowing malicious people to view the configuration file.

The problem is that the configuration file "smart.cfg" by default is located in the same directory as the CGI scripts. This can be exploited to view the configuration.

This has been confirmed in RediCart v3.9.5b, which is based on S-Mart Shopping Cart Script v1.9.

SOLUTION:
Edit the source code and place the configuration file in a non-public folder.

PROVIDED AND/OR DISCOVERED BY:
Cassiopeia
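
A local check for the SOLUTION step, as an added example that is not part of the Secunia advisory or the vendor's code: it walks a served directory tree for any copy of "smart.cfg" (including symlinks), reports the CGI scripts sitting beside it, and confirms that a relocated config resolves to a path outside the web root. The CGI suffixes, the directory names (htdocs, cgi-bin, private) and the script name smart.cgi are assumptions made for the constructed sample tree.

```python
import os
import tempfile
from pathlib import Path

CONFIG_NAME = "smart.cfg"        # file name given in the advisory
CGI_SUFFIXES = {".cgi", ".pl"}   # assumption: extensions of the cart's CGI scripts


def find_exposed_configs(web_root, config_name=CONFIG_NAME):
    """List every copy of the config file found under the served tree."""
    root = Path(web_root).resolve()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != config_name.lower():
                continue
            cfg = Path(dirpath) / name
            findings.append({
                "path": cfg.relative_to(root).as_posix(),
                # CGI scripts in the same directory (the default layout)
                "beside_cgi": sorted(f for f in files
                                     if Path(f).suffix.lower() in CGI_SUFFIXES),
                "is_symlink": cfg.is_symlink(),
            })
    return findings


def is_outside_web_root(config_path, web_root):
    """True if the real location of config_path is not under web_root."""
    cfg = Path(config_path).resolve()
    root = Path(web_root).resolve()
    return cfg != root and root not in cfg.parents


def demo():
    """Build a constructed tree: the default layout plus a relocated config."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp, "htdocs")
        cgi = web / "cgi-bin"
        private = Path(tmp, "private")
        cgi.mkdir(parents=True)
        private.mkdir()
        (cgi / "smart.cgi").write_text("#!/usr/bin/perl\n")    # constructed
        (cgi / "smart.cfg").write_text("constructed=sample\n")
        (private / "smart.cfg").write_text("constructed=sample\n")
        return (find_exposed_configs(web),
                is_outside_web_root(private / "smart.cfg", web),
                is_outside_web_root(cgi / "smart.cfg", web))
```

After the fix, find_exposed_configs() on the real document root should return an empty list and is_outside_web_root() should return True for the new config location.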