lintah_|adv|_15@2006>=========<[MidiCart]<===>[php b/d]
____ _________ ________________ ____ ___________ ___________
_____________ ____________ _______________
/___________________________________________________________________
_________________________________ / /
ooo000-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
~-~-~-~-~-~-~-~-~-~-~-~-~-~000ooo/ /
/
\ \
\ Indonesian Cyber-Terrorist [
Grey Hats ] / /
\
/ /
\ iFX a.k.a inversFX
/ /
| ifx@...
| |
/
\ \
/ _________
\ \
| _____________
| |
! _____________________________
! |
:_________________________________________________.__________________
________________________________:/
| | |
| | |
locate : Indonesia, Jakarta | | |
-------------------------------- | | |
date :06/12/2006 | | |
-------------------------------- | | |
title : | | |
remote command execution through | | |
arbitary local inclusion & vuln | | |
of javascript | | |
-------------------------------- | |/\
Developer : www.MidiCart.com / \ \_
-------------------------------- __/ \__/\
Victims : Commercial use /-----------------------------\\
-------------------------------- |-----------------------------|/
\---------------------------/



PoC :
A. BYpass upload
------------------------
when you open admin page, and you see `new item`
with uplod the image and i try uplod another ( u can guess
it ;P )
then gotcha!!, you got it :)

1. open :
http://<path>/admin/add.php
2. access your file, ex ; your file is cucut.php then :
http://<path>/images/cucut.php
3. have fun :)



patch :
- use permission in that(images) folder to write --> drwxrwxr-
x

dork :
think it :)

B. Shopping cheap :D
------------------------
1.st choose what is you want to order
2.then you can go to viewcart
3.on 'Qty', fill minus [-] value on 'Qty' field, which make
it cheaper
example :
Qty Item No. Item Price USD
Total
1 6001 128MB PC2100 DDR 22.99
22.99
-1 5001 Sony 52x CDROM 12.99
0.0-1298
Product Total USD
9.100

4.all right here we go

patch :
add script which not allowed 'minus' into the variable.




----------------------------------------------------------------------
origin :
http://cupu.us/adv/15-iFX-2006-adv-midicart-phpbackdoor.txt
----------------------------------------------------------------------


iFX Said, and greet :
================================================>
Lintah [ team of destroyer fucking school ] :
--------------------------
iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ
--------------------------
k1tk4t solpot
matdhule Fungky
slacky Cow_1iseng
NpR thama
lapet setiawan
theSnowbrain Soey
y3d1ps Lirva32
K-159 Comex
Bithedz anomaly
tr0n: bitch(LOL) Cyb3rh3b
Cybertank Ceyen
netcom h34rt_br34ker
x-ace x16
slackX til
Silverant LasT COffin
[mR]opt1lc BeWab
Bluespy Val
NoGe ghoz
kukasih OvErDoNgO
PremanMedan sakitjiwa
t1g3r ^^Nakutta
king_purba Mr_orche
Sefirosu drygol@h4cky0u

etc.......
@DALnet

#phreakcuy
#nyubicrew @ALLINDO
#hitamputih@allindo
#e-c-h-o
#aikmel
#asiahacker
#newhack[dot]org
#h4cky0u
#groot
#javahack
#raptor
#soey
#semprol
#yogyafree
#daboxs
#jasakom
.......