Application:		oscommerce-2.2rc2a	
Authors Site:		http://www.oscommerce.com/

+--------------------------------------------------------------------------------------------+

[1]------------------------------------------------------------------------------------------>

Information Disclosure:

Various Include files have no error handling:

Example:

http://www.victim.com/oscommerce-2.2rc2a/catalog/admin/includes/application_top.php

Result:

Warning: require(includes/configure.php) [function.require]: failed to open stream: No such file or directory in /var/www/oscommerce-2.2rc2a/catalog/admin/includes/application_top.php on line 28

Fatal error: require() [function.require]: Failed opening required 'includes/configure.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/oscommerce-2.2rc2a/catalog/admin/includes/application_top.php on line 28

+-[Notes:]-----------------------------------------------------------------------------------+

Vulnerabilities found on: 20/09/2009
Author(s) Informed on: Not Informed
Author(s) Response: NA
Author(s) Fix: NA

JohnC@NoBytes.com

http://www.NoBytes.com