lintah_|adv|_15@2006>=========<[MidiCart]<===>[php b/d] ____ _________ ________________ ____ ___________ ___________ _____________ ____________ _______________ /___________________________________________________________________ _________________________________ / / ooo000-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~- ~-~-~-~-~-~-~-~-~-~-~-~-~-~000ooo/ / / \ \ \ Indonesian Cyber-Terrorist [ Grey Hats ] / / \ / / \ iFX a.k.a inversFX / / | ifx@... | | / \ \ / _________ \ \ | _____________ | | ! _____________________________ ! | :_________________________________________________.__________________ ________________________________:/ | | | | | | locate : Indonesia, Jakarta | | | -------------------------------- | | | date :06/12/2006 | | | -------------------------------- | | | title : | | | remote command execution through | | | arbitary local inclusion & vuln | | | of javascript | | | -------------------------------- | |/\ Developer : www.MidiCart.com / \ \_ -------------------------------- __/ \__/\ Victims : Commercial use /-----------------------------\\ -------------------------------- |-----------------------------|/ \---------------------------/ PoC : A. BYpass upload ------------------------ when you open admin page, and you see `new item` with uplod the image and i try uplod another ( u can guess it ;P ) then gotcha!!, you got it :) 1. open : http:///admin/add.php 2. access your file, ex ; your file is cucut.php then : http:///images/cucut.php 3. have fun :) patch : - use permission in that(images) folder to write --> drwxrwxr- x dork : think it :) B. Shopping cheap :D ------------------------ 1.st choose what is you want to order 2.then you can go to viewcart 3.on 'Qty', fill minus [-] value on 'Qty' field, which make it cheaper example : Qty Item No. Item Price USD Total 1 6001 128MB PC2100 DDR 22.99 22.99 -1 5001 Sony 52x CDROM 12.99 0.0-1298 Product Total USD 9.100 4.all right here we go patch : add script which not allowed 'minus' into the variable. ---------------------------------------------------------------------- origin : http://cupu.us/adv/15-iFX-2006-adv-midicart-phpbackdoor.txt ---------------------------------------------------------------------- iFX Said, and greet : ================================================> Lintah [ team of destroyer fucking school ] : -------------------------- iFX aka inversFX BJ aka Blue_Jaccker Sin~X aka Sin_Cross Xpl aka Xploid gM aka G4mm4 S3 aka Sock-3d BRO aka BiG_ReD_OnE fZ aka FrezZe cTZ aka CuruTZ -------------------------- k1tk4t solpot matdhule Fungky slacky Cow_1iseng NpR thama lapet setiawan theSnowbrain Soey y3d1ps Lirva32 K-159 Comex Bithedz anomaly tr0n: bitch(LOL) Cyb3rh3b Cybertank Ceyen netcom h34rt_br34ker x-ace x16 slackX til Silverant LasT COffin [mR]opt1lc BeWab Bluespy Val NoGe ghoz kukasih OvErDoNgO PremanMedan sakitjiwa t1g3r ^^Nakutta king_purba Mr_orche Sefirosu drygol@h4cky0u etc....... @DALnet #phreakcuy #nyubicrew @ALLINDO #hitamputih@allindo #e-c-h-o #aikmel #asiahacker #newhack[dot]org #h4cky0u #groot #javahack #raptor #soey #semprol #yogyafree #daboxs #jasakom .......