Yireo - Extensions, tutorials and blog for Magento and Joomla!


High priority security-fix Magento 1.5.0.1

Thursday, 10 February 2011

A couple of days ago, Magento 1.5.0 was released. Unfortunately, a vulnerability was discovered as early as yesterday that allows attackers to fetch any Magento file through a specific URL, including sensitive files that contain the Magento version in use and the database access details. To address this, Magento 1.5.0.1 was released. But fixing the problem is not as straightforward as upgrading to 1.5.0.1.

The vulnerability

The flaw is that the file get.php allows anybody to easily fetch the contents of a specific file. While it was designed to serve only files from the media folder, in fact any file within the Magento folders can be accessed, including system files like app/etc/local.xml and app/Mage.php, which contain information vital to hackers.

The fix of Magento 1.5.0.1

With Magento 1.5.0.1, the file get.php is simply removed. Unfortunately, a Magento upgrade can take place in various ways. If you start with a fresh Magento 1.5.0.1 install and copy all your local changes to it, the get.php file will be absent and you are safe. But if you copy the Magento 1.5.0.1 files over your current Magento 1.5.0 installation, the file get.php will remain in place and a lot of sensitive information will be available through the web.

Get rid of get.php

To make sure you are not vulnerable, you need to manually remove the file get.php from the Magento root.
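
If you maintain several shops on one server, the check can be scripted. The following is an added example, not code from Yireo or Magento: it assumes that a Magento root is any directory containing app/Mage.php, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: find Magento roots where a copy-over upgrade left get.php behind.
# Assumption: a Magento root is any directory that contains app/Mage.php.
# Paths containing newlines are not supported.

# Print each Magento root below $1 (default: current directory) that still
# has get.php directly in the root. Files named get.php elsewhere are ignored.
find_leftover_get_php() {
    find "${1:-.}" -type f -path '*/app/Mage.php' 2>/dev/null |
    while IFS= read -r mage; do
        root="${mage%/app/Mage.php}"
        if [ -f "$root/get.php" ]; then
            printf '%s\n' "$root"
        fi
    done
}

# Read Magento roots from stdin (one per line) and remove get.php from each,
# reporting every file that was removed.
remove_leftover_get_php() {
    while IFS= read -r root; do
        if rm -f -- "$root/get.php"; then
            printf 'removed %s/get.php\n' "$root"
        fi
    done
}

# Typical use (the path is a placeholder for your own web root):
#   find_leftover_get_php /path/to/webroot                            # report only
#   find_leftover_get_php /path/to/webroot | remove_leftover_get_php  # clean up
```

Run the report on its own first and review the list before piping it into the removal step.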
